The Senior SIEM/SOAR Business Process Engineer is part of the Operations and Security Services (OSS) department and reports to the Senior Vice President & Deputy General Manager of OSS. The Senior SIEM/SOAR Business Process Engineer will be the senior technical individual contributor responsible for identifying, designing, and implementing process improvements related to CIS’s Security Operations Center (SOC) and our SIEM/SOAR implementation. The Senior SIEM/SOAR Business Process Engineer will be responsible for analyzing the data and processes associated with CIS’s SOC to identify opportunities for efficiency and operational improvement that will permit CIS to continue to scale our SOC operations. The outcome of these efforts will be an improved utilization of CIS’s limited investments as well as appropriate alert and event handling to best meet cybersecurity needs of a variety of U.S. State, Local, Tribal, and Territorial (SLTT) organizations, including those that we define as underserved (those organizations who have very limited resources and are not well served by current commercial providers).

CIS provides support to SLTT organizations through a set of cybersecurity solutions (IDS, PDNS, Endpoint) that provide data to CIS’s Security Operations Center (SOC). CIS is in the process of upgrading our SOC with the deployment of commercial technologies (Devo SIEM/SOAR, Snowflake data warehouse) to scale our capabilities and increase potential data sources. As CIS’s deployed services grow in both size and diversity, we need to improve our processes to make them more efficient as well as more operationally effective.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. CIS is also a trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities and election offices.

CIS has an award-winning reputation for investing in its people (click here to learn more), as well as continuous learning and development. We offer our employees diverse opportunities to expand their impact personally and professionally, in their local communities, and among one another. Core Leadership Principles drive our employees at every level of the organization, empowering them to be leaders in everything they do.

• Base salary is determined on a number of factors including, but not limited to, education, experience and skills
• Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
• $500 wellness card for Health Coverage Participants
• 401(k) with 4% Company Match, vested from the first day of hire
• Flexible Spending Account (FSA) & Dependent Care Account (DCA)
• Life Insurance
• Bonding Leave
• Paid Volunteering Program
• Bonus eligibility
• Paid Time Off (PTO) inclusive of vacation, personal and sick time
• Paid Holidays
• Wellness Program
• Employee Engagement Activities
• Professional Development Opportunities
• Tuition Reimbursement
• Student Loan PayDown Program
• Employee Referral program
• Employee Assistance Program

• Serve as a senior technical specialist on the CIS portfolio of cyber defense products and services with an emphasis on data collected and/or created by the associated business activities  
• Survey existing technology infrastructure, systems, and information to form a high-level view of present capabilities and future opportunities for improvement
• Make recommendations to CIS leadership on product capabilities, direction, investments, and divestments of technologies, products, and services
• Ensure that cyber defense activities and processes align with organizational objectives and SLTT needs, with a focus on leveraging existing investments and resources to deliver improved offerings
• Manage, develop, and tune queries, alerts, inputs, and scripts that integrate across the suite of cyber defense offerings and supporting operations infrastructure to document limitations, identify opportunities and solutions, scope new offerings, and define technical requirements for technology investments
• Assist internal support teams with troubleshooting highly technical issues that cannot be resolved by lower tiered support staff
• Provide briefings and training to SLTT members, Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC and EI-ISAC) executive committees, and internal stakeholders on security analytics and CIS offerings
• Work closely with the Sales, Marketing, and Communications teams to assist with pre- and post-sales support and provide input to develop materials for members
• Other tasks and responsibilities as assigned

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field*
• 5+ years’ experience in deploying and managing security monitoring and logging solutions
• 3+ years’ experience in security operations
• 3+ years’ experience using or producing Cyber Threat Intelligence designed for network defense
• Senior level knowledge of interacting with and performing analysis of data collected by security tools such as firewall, intrusion detection and prevention systems, data loss prevention, endpoint security tools, host-based logs, network logs, syslog, and other data sources
• Senior level proficiency in security log data enrichment, both processes and sources, to include significant operational experience with regular expressions (RegEx), SQL, Python, and analytic techniques
• Significant experience with network forensics and toolsets such as Wireshark, PCAP, and tcpdump, and MITRE ATT&CK framework
• Experience with cloud technologies and providers such as Amazon, Azure, and Google
• Excellent client-facing and internal communication skills
• Solid organizational skills including attention to detail and multi-tasking skills
• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**

It's a Plus if You Have:

• Advanced degree in Computer Science, Business, or a related field
• Strong presentation capabilities
• Relevant industry certifications such as CISSP, GCIH, GCIA, GMON
• Experience in incident response, vulnerability management, and security operations
• Experience in vendor management and relationships
• Familiarity with Agile DevOps and project management
• Strong knowledge of scripting languages such as Python and PowerShell

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

**Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct
• Dishonest Conduct
• Employment Misconduct
• Alcohol Abuse
• Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction) Additionally, illegal drug use includes the use of drugs that are illegal for federal purposes despite being legal in select states and countries, such as marijuana.
• False Statements
• Financial Issues
• Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.