Crown Holdings
Overview
Global Security – SIEM Engineer
Department: Global Information Security
Division: Corporate Global
Location: Yardley, US

Responsibilities

SIEM Architecture & Management:
- Lead the design, deployment, and continuous improvement of our Azure Sentinel environment.
- Ensure the health, performance, and availability of the SIEM platform, including Log Analytics Workspaces and Azure Data Explorer clusters.
- Manage data retention, archiving, and cost optimization strategies for security logs.

Log Ingestion & Data Management:
- Develop and manage data connectors to ingest logs from a wide variety of on-premise and multi-cloud (Azure, AWS) sources, including network devices, endpoints, applications, and identity providers.
- Create and maintain parsing and normalization rules (ASIM) to ensure log data is structured, consistent, and ready for analysis.
- Troubleshoot issues with log sources, data connectors, and parsing functions.

Detection, Automation, & Metrics:
- Develop, test, and tune high-fidelity analytics rules in KQL to detect emerging threats, mapping detections to frameworks like MITRE ATT&CK.
- Build and maintain Azure Logic Apps (SOAR playbooks) to automate incident enrichment, notification, and response actions.
- Design and develop interactive Azure Workbooks (dashboards) to provide real-time visibility for the SOC.
- Create and track key incident response metrics, such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
- Participate in Incident Response Exercises, tabletop simulations, and other security drills.

Threat Hunting Practice Development:
- Establish and lead a proactive threat hunting program within the SIEM.
- Formulate hypotheses based on threat intelligence and an understanding of the environment.
- Utilize advanced KQL queries and big data analytics to hunt for IOCs and TTPs that evade traditional detections.
- Translate successful threat hunts into new, automated detection rules.

Job Requirements

We are seeking a highly skilled and motivated SIEM Engineer to architect, implement, and optimize our threat detection and response capabilities within Microsoft Azure Sentinel. This role is central to our security operations and requires a deep technical understanding of SIEM technology, log data management, and security automation.

Education & Certifications
- Bachelor's degree in Information Systems, Computer Science, or equivalent experience
- Preferred security certifications: Microsoft SC-200, AZ-500, CISSP, GCIH

Technical Expertise
- Relevant industry certifications (e.g., Microsoft SC-200, AZ-500, CISSP, GCIH)
- Experience in building a threat hunting practice from the ground up
- Strong data visualization skills and experience creating meaningful dashboards and reports for both technical and executive audiences
- Knowledge of infrastructure-as-code (IaC) for deploying and managing Azure resources (e.g., Bicep, ARM templates)
- Experience in a hybrid environment with both on-premise and multi-cloud infrastructure

Core Competencies
- Excellent communication skills, translating technical concepts for all audiences
- Leadership in performance management, issue resolution, negotiation, and team motivation
- Experience collaborating with diverse teams across multiple countries and cultures
- Advanced problem-solving and troubleshooting skills
- Quality driven, with exceptional attention to detail
- Strong organizational and prioritization skills