First American
Principal SIEM Engineer
First American, Santa Ana, California, United States, 92725
Who We AreJoin a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for nine consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com. What We DoThis senior technical role is responsible for supporting, maturing, and expanding our Security Operations Center (SOC) logging and monitoring functions. This is a collaborative role and requires an advanced interdisciplinary technical background with skillsets in systems and application administration, data engineering, security operations, and detection engineering.
What You'll Do:Design, implement, and maintain the SIEM infrastructureUtilize your knowledge of cloud environments to implement and support multi-cloud infrastructure deploymentsUtilize data management platform and other tools to enable efficient routing, parsing, and filtering of dataApply data engineering concepts such as data warehousing, real-time data processing, and data normalization to enhance the overall data infrastructureLeverage SIEM and data management platforms to collect, analyze, and correlate logsLead SIEM detection engineering function to develop and fine-tune correlation rules, alerts, and dashboards to detect and respond to threatsContribute to the expansion of data engineering practices, leveraging advanced analytics and machine learning for proactive threat detectionParticipate in the purple team life cycle, collaborating with offensive and defensive security team to continuously improve detection and response strategiesIdentify and implement opportunities for automation to support operational excellence with the SIEM and data management toolingCollaborate with cross-functional teams to identify and mitigate security risks and vulnerabilitiesPerform regular audits of security configurations, policies, and procedures to ensure compliance with industry standards and regulationsStay up to date on latest security trends, tools, and best practices to continually enhance our SIEM capabilitiesProvide guidance and support to security engineersMay be required to perform duties outside of normal work hours based on business needsWhat You'll Bring:Extensive experience with SIEM, data management platforms, particularly Splunk and Cribl, including deployment, configuration, optimization, administration, and functional use of the tooling (e.g., integration of log sources into SIEM, searching cloud archives with Cribl, etc.)Strong understanding of network protocols, firewalls, intrusion detection systems, endpoint security solutions, and major cloud environments such as Azure, AWS, and GCPDemonstrated ability to deploy, configure, and secure infrastructure in Azure, AWS, and GCPProficiency in scripting languages (e.g., Python, PowerShell, Bash) for automation and task simplification, experience with AWS Lambda and Azure Functions is a plusStrong understanding of security frameworks such as MITRE ATT&CKHands on experience developing, tuning, and deploying security detections in SIEMExcellent analytical skills to identify, analyze, and resolve complex engineering issuesKnowledge of security frameworks and standards (e.g., COBIT, NIST 800-53, ISO27001, SSAE16, SOC1, SOC2, etc.)Proficient in Microsoft Word, Excel, PowerPoint, Visio, with the ability to create clear and effective technical documentation and presentationsStrong verbal and written communication skills; strong presentation skillsAbility to manage multiple high-priority projects and tasks effectively, ensuring alignment with strategic security goalsAbility to work collaboratively in a team-oriented environment, leading by example and fostering a culture of collaboration and continuous improvementGenerally, requires a bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field., or equivalent work experienceA minimum of 10 years information security experience, with a strong focus on SIEM, data management, and security operationsRelevant certifications such as Splunk Certified Power User/Admin, Cribl Certified Admin, Security+, CEH, OSCP, CISSP, etc.
Salary Range: $166,750.00-$222,325.00This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic locationDisclaimerThe above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal work hours and/or responsibilities from time to time, as needed.What We OfferBy choice, we don't simply accept individuality - we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it's the right thing to do, but also because it's the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term. Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.
What You'll Do:Design, implement, and maintain the SIEM infrastructureUtilize your knowledge of cloud environments to implement and support multi-cloud infrastructure deploymentsUtilize data management platform and other tools to enable efficient routing, parsing, and filtering of dataApply data engineering concepts such as data warehousing, real-time data processing, and data normalization to enhance the overall data infrastructureLeverage SIEM and data management platforms to collect, analyze, and correlate logsLead SIEM detection engineering function to develop and fine-tune correlation rules, alerts, and dashboards to detect and respond to threatsContribute to the expansion of data engineering practices, leveraging advanced analytics and machine learning for proactive threat detectionParticipate in the purple team life cycle, collaborating with offensive and defensive security team to continuously improve detection and response strategiesIdentify and implement opportunities for automation to support operational excellence with the SIEM and data management toolingCollaborate with cross-functional teams to identify and mitigate security risks and vulnerabilitiesPerform regular audits of security configurations, policies, and procedures to ensure compliance with industry standards and regulationsStay up to date on latest security trends, tools, and best practices to continually enhance our SIEM capabilitiesProvide guidance and support to security engineersMay be required to perform duties outside of normal work hours based on business needsWhat You'll Bring:Extensive experience with SIEM, data management platforms, particularly Splunk and Cribl, including deployment, configuration, optimization, administration, and functional use of the tooling (e.g., integration of log sources into SIEM, searching cloud archives with Cribl, etc.)Strong understanding of network protocols, firewalls, intrusion detection systems, endpoint security solutions, and major cloud environments such as Azure, AWS, and GCPDemonstrated ability to deploy, configure, and secure infrastructure in Azure, AWS, and GCPProficiency in scripting languages (e.g., Python, PowerShell, Bash) for automation and task simplification, experience with AWS Lambda and Azure Functions is a plusStrong understanding of security frameworks such as MITRE ATT&CKHands on experience developing, tuning, and deploying security detections in SIEMExcellent analytical skills to identify, analyze, and resolve complex engineering issuesKnowledge of security frameworks and standards (e.g., COBIT, NIST 800-53, ISO27001, SSAE16, SOC1, SOC2, etc.)Proficient in Microsoft Word, Excel, PowerPoint, Visio, with the ability to create clear and effective technical documentation and presentationsStrong verbal and written communication skills; strong presentation skillsAbility to manage multiple high-priority projects and tasks effectively, ensuring alignment with strategic security goalsAbility to work collaboratively in a team-oriented environment, leading by example and fostering a culture of collaboration and continuous improvementGenerally, requires a bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field., or equivalent work experienceA minimum of 10 years information security experience, with a strong focus on SIEM, data management, and security operationsRelevant certifications such as Splunk Certified Power User/Admin, Cribl Certified Admin, Security+, CEH, OSCP, CISSP, etc.
Salary Range: $166,750.00-$222,325.00This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic locationDisclaimerThe above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal work hours and/or responsibilities from time to time, as needed.What We OfferBy choice, we don't simply accept individuality - we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it's the right thing to do, but also because it's the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term. Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.