Principal Cyber Defense Engineer
Sony Corporation of America, NJ, United States
Sony Corporation of America, located in New York, NY, is the U.S. headquarters of Sony Group Corporation, based in Tokyo, Japan. Sony's principal U.S. businesses include Sony Electronics Inc., Sony Interactive Entertainment LLC, Sony Music Entertainment, Sony Music Publishing and Sony Pictures Entertainment Inc. With some 900 million Sony devices in hands and homes worldwide today, a vast array of Sony movies, television shows and music, and the PlayStation Network, Sony creates and delivers more entertainment experiences to more people than anyone else on earth. To learn more: www.sony.com/en.
POSITION SUMMARY
We are seeking a highly skilled and experienced Principal Cyber Defense Engineer to join our newly formed Cyber Defense Team at Sony. This role is pivotal in ensuring the security and integrity of our systems by managing cyber defense operations, facilitating data onboarding, and supporting network administration tasks. The ideal candidate will have a strong background in security engineering, with a focus on automation and process improvement. Additionally, this role involves acting as an internal consultant to our operating companies, providing guidance and support to meet their security needs, and assisting with vulnerability assessments and remediation efforts where needed.
JOB RESPONSIBILITIES
Data Onboarding:
- Support the data onboarding process into Splunk, ensuring accurate and efficient data collection.
- Utilize methods such as Syslog (TLS), HTTP Event Collector (HEC), AWS S3, and Microsoft Azure EventHub for data integration.
- Maintain and optimize Splunk Universal Forwarder (UF) and Heavy Forwarder (HF) configurations.
- Ensure data normalization using Splunk's Common Information Model (CIM) for consistent and efficient searching, correlation, and reporting.
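As an added illustration of the HEC and CIM items above (example code written for this page, not Sony's or Splunk's own tooling): a small Python script that parses constructed sshd-style syslog lines, maps the authentication events onto Splunk CIM Authentication fields (action, user, src, dest, app, authentication_method) and wraps each one in the JSON envelope the HTTP Event Collector `/services/collector/event` endpoint expects. The sample log lines, the `linux_secure` sourcetype, the `linux` index, the `vendor_product` value and the HEC URL/token in the commented-out send call are all assumptions.

```python
import json
import re
import urllib.request
from datetime import datetime, timezone

# Constructed sample lines in the classic sshd syslog shape (not real logs).
SAMPLE_LINES = [
    "Jan 12 08:15:01 bastion01 sshd[2201]: Accepted publickey for alice from 10.1.2.3 port 51234 ssh2",
    "Jan 12 08:15:07 bastion01 sshd[2208]: Failed password for invalid user bob from 203.0.113.5 port 4444 ssh2",
    "Jan 12 08:15:09 bastion01 cron[2210]: (root) CMD (/usr/bin/logrotate)",
]

# RFC 3164-style header: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<app>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
# sshd login outcome lines; "invalid user" appears for unknown accounts
SSHD_AUTH_RE = re.compile(
    r"^(?P<outcome>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<src_port>\d+)"
)


def to_cim_authentication(line, year=2024):
    """Map one sshd syslog line onto CIM Authentication fields.

    Returns None for lines that are not sshd authentication events, so the
    caller can drop them before they reach the indexer. The syslog header has
    no year, so the caller supplies one (assumption: 2024 for the sample data).
    """
    m = SYSLOG_RE.match(line)
    if not m or m["app"] != "sshd":
        return None
    auth = SSHD_AUTH_RE.match(m["msg"])
    if not auth:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "time": ts.timestamp(),                       # epoch seconds, lifted into the HEC envelope below
        "action": "success" if auth["outcome"] == "Accepted" else "failure",
        "app": "sshd",
        "authentication_method": auth["method"],
        "user": auth["user"],
        "src": auth["src"],
        "src_port": int(auth["src_port"]),
        "dest": m["host"],
        "vendor_product": "OpenSSH",                  # assumed; set from the actual source
        "signature": m["msg"],
    }


def build_hec_payload(line, index="linux", sourcetype="linux_secure", year=2024):
    """Wrap a normalized event in the HEC event-endpoint JSON envelope (index/sourcetype assumed)."""
    ev = to_cim_authentication(line, year)
    if ev is None:
        return None
    return {
        "time": ev.pop("time"),   # HEC reads the timestamp from the envelope, not the event body
        "host": ev["dest"],
        "source": "syslog",
        "sourcetype": sourcetype,
        "index": index,
        "event": ev,
    }


def send_to_hec(payloads, url, token, timeout=5):
    """POST a batch of events to HEC over HTTPS; the endpoint accepts concatenated JSON objects."""
    body = "\n".join(json.dumps(p) for p in payloads).encode()
    req = urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    payloads = [p for p in (build_hec_payload(line) for line in SAMPLE_LINES) if p]
    print(json.dumps(payloads, indent=2))
    # Assumed endpoint and token; uncomment to ship for real:
    # send_to_hec(payloads, "https://splunk-hec.example.internal:8088/services/collector/event", "<hec-token>")
```

Keeping the CIM mapping in one function per source type is what makes the later search side cheap: once `action`, `user`, `src` and `dest` carry the same meaning across sshd, VPN and Defender events, a single `tstats` over the Authentication data model covers all of them. The cron line is deliberately included to show that non-auth events are filtered out before indexing rather than indexed and then excluded.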
Cyber Defense Operations:
- Focus on automation to streamline and enhance security processes.
- Work with Sony companies to help manage and optimize Microsoft Defender for Endpoint (MDE).
- Integrate data into the SIEM by onboarding sources via methods such as syslog and the HTTP Event Collector.
- Act as the primary point of contact for operating companies, assisting with connections to the internal GSIRT group.
- Develop and implement security measures and protocols.
- Collaborate with the Incident Response (IR) team to ensure comprehensive security coverage.
- Perform basic network administration tasks, such as logging into firewalls and checking versions.
- Support general project tasks related to network security.
- Proactively reach out to operating companies to understand their security needs and areas for improvement.
- Provide expert guidance and develop tailored security plans to address specific requirements.
- Conduct internal research and leverage knowledge to offer actionable recommendations.
Vulnerability Management:
- Work with operating companies to prioritize attack surface management findings.
- Provide remediation guidance and support to address identified vulnerabilities.
- Ensure timely and effective resolution of security vulnerabilities.
Process Development:
- Establish and document new processes and procedures.
- Continuously improve existing processes to enhance efficiency and effectiveness.
Honesty, trustworthiness and ethical conduct are material requirements for the responsibilities outlined above.
QUALIFICATIONS FOR POSITION
Your qualifications and experience should include:
Required Skills
Splunk Data Onboarding
- Experience with Splunk Universal Forwarder (UF) and Heavy Forwarder (HF)
- Proficiency with HTTP Event Collector (HEC)
- Familiarity with data onboarding methods: Syslog (TLS), AWS S3, Microsoft Azure EventHub
Splunk Administration and Usage
- Building dashboards, reports, and advanced queries
- Understanding of Splunk's Common Information Model (CIM)
Project Management and Collaboration
- Handling tight deadlines and multiple projects
- Collaborating with infrastructure engineering and security teams
Preferred Skills
Big Data and Data Platforms
- Familiarity with other big data tools like ELK (Elasticsearch, Logstash, Kibana)
Advanced Splunk Features
- Knowledge of Splunk Database (DB) Connect
- Understanding of summary indexing and how to exclude events from being indexed
- Familiarity with the important Splunk configuration files
Security Knowledge
- Vulnerability management and attack surface reduction
- Experience with Microsoft Defender
- Implementing and maintaining SIEM logging standards
- Creating security reports and escalating issues
General IT Skills
- Adaptability to significant changes in projects or work environments
- Ability to conduct independent research and self-learning
Experience
- Extensive experience in cyber defense and security engineering, preferably in a principal or lead role within a cyber defense team.
- Proven track record of managing and optimizing security operations with a strong emphasis on automation.
- Demonstrated ability to leverage automation tools and techniques to streamline security operations and improve efficiency.
- Experience in scripting and automating tasks using Python or other relevant programming languages.
- Proven ability to integrate and automate security tools and platforms, such as Microsoft Defender MDE and Splunk.
- Experience in creating automated workflows for vulnerability management and remediation.
- CISSP, CISM, or other relevant security certifications are a plus.
- Excellent communication and interpersonal skills.
- Strong problem-solving and analytical abilities.
- Ability to work independently and as part of a team.
- Comfortable with reaching out to and consulting with internal stakeholders.
- All candidates must be authorized to work in the USA.