The Sherwin-Williams Company is hiring: Cybersecurity Engineer Lead in Cleveland
The Sherwin-Williams Company, Cleveland, OH, United States, 44101
The Cybersecurity Engineer Lead will foster the development of the engineering team's detection engineering and threat hunting services performed by Sherwin-William's Cybersecurity Operations Center (CSOC). This team is responsible for creating and tuning high-fidelity detections for the company's CSOC using our Security Information and Event Monitoring (SIEM) tool and various data sources. This candidate is responsible for Detection Engineering, Threat Hunting, and Security Monitoring programs. Your primary focus is to create and tune detections and alerts that safeguard sensitive information from unauthorized access or harm caused by cybercriminals or malicious insiders. Assignments at this level will focus primarily on SIEM and Security Orchestration and Automated Response (SOAR) technologies that support the Cyber Department. Typically working alongside IT departments, business stakeholders, and cybersecurity engineers. This role reports directly to the CSOC manager. Lead customization, alerting, tuning, and automation solutions for our SIEM/SOAR platform. Configure SIEM detections and event data quality to maximize SIEM alert efficiency. Create and tune UEBA and anomaly-based detections. Lead development of SOPs for performing lead-driven and leadless hunts. Adjusting processes and procedures to ensure continuous improvement. Assist management in defining roles and responsibilities for threat hunting team. Lead monitoring of perimeter, host environment, network traffic, access and identity, applications, physical environment, cloud, and OT data sources. Provide early and real-time alerts of intrusions, exfiltration, malware, and anomalies Support the ingestion and management of various data sources. Work with SIEM partners to create and enhance dashboards. Occasionally perform investigation and triage of events and incidents. Escalate according to established playbooks in support of Incident Response process. This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa. This position has a hybrid work schedule with three days in the office and the option for working remotely two days. Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company's staff, employees, and business relationships. Formal Education & Certification Bachelor's degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (e.g., Information Technology, Electronics and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience. Knowledge & Experience 8+ years IT experience. 5+ years of experience Working within a Cybersecurity team. Experience with creating and tuning detection rules in Splunk or Sumo Logic. Understanding of various operating systems (z/OS, Window, UNIX, Linux, AIX, etc.). Understanding of log ingestion and complex data sources. Preferred Experience SIEM/SOAR solutions, such as Splunk and Sumo Logic. Security Operations Center (SOC) or working with a MSSP. Threat Intelligence Platform (TIP) and integrating into a SIEM solution. User and Entity Behavior Analytics (UEBA) or anomaly-based detections. Virtualization and container application technologies such as VMWare and Docker. Leading lead-driven and leadless hunts. Identifying and implementing solutions to complex business problems. Project Management. Scripting and automation. Utilize key performance indicators to track log source availability.