Crown Holdings, Inc.
Overview
Crown Holdings, Inc. is a global leader in the design, manufacture, and sale of packaging products for consumer goods. At Crown, we are passionate about helping our customers build their brands and connect with consumers around the world. We do this by delivering innovative packaging that offers significant value for brand owners, retailers, and consumers alike. With operations in 47 countries employing over 33,000 people and net sales of over $11 billion, we are uniquely positioned to bring best practices in quality and manufacturing to our customers to drive their businesses locally and globally. Sustaining a leadership position requires us to build a team of highly talented, dedicated, and driven individuals.

Location
Yardley, PA (office-based). Individuals are expected to be in the office daily. Crown offers a flexible work hour schedule.

Job Summary
The SIEM Engineer position is a cornerstone of our security operations, responsible for architecting, building, and mastering our threat detection and response ecosystem within Azure Sentinel. This is a deeply technical, hands-on role for a professional who thrives on managing the entire security data pipeline, from architecting log ingestion from multi-cloud sources to developing sophisticated KQL analytics and automated SOAR playbooks. More than just a platform administrator, this position is empowered to strategically enhance our security posture by creating insightful dashboards, defining the metrics that measure our success, and spearheading the development of our proactive threat hunting program.

Responsibilities

SIEM Architecture & Management:
Lead the design, deployment, and continuous improvement of our Azure Sentinel environment.
Ensure the health, performance, and availability of the SIEM platform, including Log Analytics Workspaces and Azure Data Explorer clusters.
Manage data retention, archiving, and cost optimization strategies for security logs.

Log Ingestion & Data Management:
Develop and manage data connectors to ingest logs from on-premise and multi-cloud (Azure, AWS) sources, including network devices, endpoints, applications, and identity providers.
Create and maintain parsing and normalization rules (ASIM) to ensure log data is structured, consistent, and ready for analysis.
Troubleshoot issues with log sources, data connectors, and parsing functions.

Detection, Automation, & Metrics:
Develop, test, and tune high-fidelity analytics rules in KQL to detect threats, mapping detections to frameworks like MITRE ATT&CK.
Build and maintain Azure Logic Apps (SOAR playbooks) to automate incident enrichment, notification, and response actions.
Design and develop interactive Azure Workbooks (dashboards) for real-time SOC visibility.
Create and track incident response metrics (e.g., MTTD, MTTR).
Participate in Incident Response Exercises and drills.

Threat Hunting Practice Development:
Establish and lead a proactive threat hunting program within the SIEM.
Formulate hypotheses based on threat intelligence and environment understanding.
Utilize advanced KQL queries and big data analytics to hunt for IOCs and TTPs that evade traditional detections.
Translate successful threat hunts into new, automated detection rules.

Education & Certifications
Bachelor's degree in Information Systems, Computer Science, or equivalent experience
Preferred security certifications: Microsoft SC-200, AZ-500, CISSP, GCIH

Technical Expertise
Relevant certifications (e.g., Microsoft SC-200, AZ-500, CISSP, GCIH)
Experience in building a threat hunting practice from the ground up
Strong data visualization skills for dashboards and reports
Knowledge of infrastructure-as-code for Azure resources (e.g., Bicep, ARM templates)
Experience in hybrid on-premises and multi-cloud environments

Core Competencies
Excellent communication, translating technical concepts for all audiences
Leadership in performance management, issue resolution, negotiation, and team motivation
Experience collaborating with diverse teams across multiple countries and cultures
Advanced problem-solving and troubleshooting
Detail-oriented and quality-driven
Strong organizational and prioritization skills