SIEM Architect

• Serve as the primary escalation point for SIEM platform issues
• Serve as a SME for the SIEM platform
• Develops and implements effective correlation rules
• Tunes SIEM components to ensure maximum reliability and reduce false positives
• Review security contextalerts and logs using the firm’s security information event management platform (SIEM) or other tools
• Promptly respond to requests for assistance from end-users and others
• Escalate security events/incidents according to defined workflow and in accordance with any relevant SLAs
• Adhere to relevant policies, procedures, standards and security good/accepted practices
• Resolve problems independently and understand escalation procedure
• Respond in a timely manner to all requests for access or other security exceptions requiring approval or involvement from the information security team

• Ability to relate to non-technical users in user-friendly language
• Ability to understand or learn the technical implications of security threats
• Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment
• Ability to gauge one’s strengths and limitations
• Ability to deal with changes and adapt to a changing environment
• Must demonstrate the ability to maintain strict confidentiality of the firm's internal and personnel affairs
• Ability to work well with others, harness different skills and experience, and build a strong sense of team spirit
• Highly self-motivated and directed
• Ability to work in a multi-office environment and willingness to travel to other offices as required
• Ability to work effectively in a culturally and educationally diverse environment

• Bachelor of Science in a technology related discipline or 3 years of relevant experience
• 3-5 years of experience in a role dedicated to the configuration, maintenance and administration of log monitoring software, preferably Logrhythm.
• 3-5 years of experience in information technology in an area such as; networking, desktop engineering, programming, systems administration, help desk
• Strong critical thinking and problem solving skills
• Significant experience working with and expertise in understanding the Windows Event Log environment
• Practical experience with and working knowledge of syslog
• Significant experience with and expertise in creating event correlation logic and rules
• Significant experience and expertise in using security information event management platforms (SIEM) for searching and correlating events
• Possess excellent troubleshooting, problem solving, and verbal/written communication skills
• Ability to manage critical situations, and maintain solid relationships with colleagues and firm staff and attorneys
• Ability to anticipate problems, communicate them, and resolve if appropriate
• Ability to work independently and as part of a team
• Must have strong written/verbal communication skills
• Must be detail oriented with strong customer service skills
• Requires strong interpersonal and organization skills
• Take responsibility for customer satisfaction and overall success of managed services
• Interface with a variety of customers in a polite, positive, and professional manner

• Maintain current security certifications and attend industry seminars and relevant continuing education events
• Performs other work related duties as assigned

• Normal office environment. Incumbent is expected to work the hours necessary to fulfill the responsibilities of the position.
• Periodic travel may be required.
• The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of essential functions, responsibilities or requirements
• RKON is an equal opportunity employer.