Information Security Engineer

Job Description / Skills Required

Groupon’s Information Security team is seeking an experienced Information Security engineer with a strong background in administering Security Information and Event Management (SIEM) applications. This position is best suited for an experienced Information Security engineer with a strong proven understanding of SIEM products and functionality.

Primary responsibilities will be enhancing visibility and creating intelligence based on Groupon’s global SIEM architecture. This position will share responsibility for ensuring the safety of Groupon’s information systems assets and protecting systems from unauthorized access and abuse.

This Information Security Engineering position will initially focus on the continued configuration, deployment, and management of Groupon’s SIEM solution across a global infrastructure. This position will be tasked with implementing intelligent behavior-based monitoring rules, managing log sources & software updates, while also helping expand SIEM coverage and visibility. Additional responsibilities include the ability to analyze and perform event correlation, create Dashboards and reporting content, troubleshoot, and remediate issues while working closely with IT and engineering teams to ensure that the SIEM is optimized for performance and logging sources are properly configured.

This role will also encompass systems and mechanisms used for host-based intrusion detection and prevention. The candidate will have knowledge of systems such as OSSEC or similar, and will be able to design, install, configure, and integrate such systems with the SIEM infrastructure.

Though the initial project focus will be enhancement to Groupon’s SIEM infrastructure, this position will expand into other technical information security projects and team responsibilities over time.

Professional Skills & Responsibilities
Qualified candidates will have experience with one or more of the following:

Act as the Subject Matter Expert (SME) for Groupon’s SIEM solution

Maintain SIEM operations and technical documentation

Incorporate change management into all system changes.

Excellent problem-solving capabilities.

Assist in troubleshooting and problem solving a wide variety of client issues and issues affecting the security of Groupon’s computing resources

Vendor certification(s) in an enterprise SIEM product is a plus

Experience with change control policy and procedures.

Excellent verbal, social, and written communication skills

Strong analytical, problem-solving and decision-making capabilities

Experience with Amazon Web Services a plus

Experience implementing and troubleshooting endpoint security tools

Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise

Provide technical and operational security support to IT, Engineering, Legal, and business units

Maintain knowledge of the latest active security threats

Implement analytics-driven rules to enhance and maintain visibility for the Information Security team across endpoint & network activity and audit logs

Effectively work across a geographically distributed team environment

Perform analyses against large data sets to identify potentially malicious behavior

Results oriented, high energy, self-motivated

High degree of self-sufficiency, ownership, and pride of deliverables

Demonstrated integrity in a professional environment

Work closely with internal leadership teams in a collaborative environment to ensure that security awareness and issues are communicated effectively

Be an ambassador for the Information Security team and provide technical security support, knowledge, and training to other business units within Groupon

Perform technical security assessments against internal and external facing systems using open source and commercial tools.

Implement new security technologies as required to support a dynamic/challenging business environment.

Assist in the maintenance/development of security policies and procedures.

Individual must have a level understanding of business needs, Engineering/IT capabilities, and security requirements to ensure a proper balance is maintained.

Technical Requirements
4+ years of experience administering SIEM technologies in global enterprise networks

Must possess a thorough and in-depth understanding of SIEM technologies and event collector deployments in an enterprise network

4+ years administering Linux and Windows servers

5+ years of Information Security experience in a highly technical, hands-on environment.

Must have demonstrated ability to build and implement SIEM event correlation rules, logic, and content in an enterprise environment

Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors

Must have experience creating scheduled and ad-hoc reporting with SIEM tools.

Strong knowledge of networking and web-related protocols (e.g., TCP, UDP, IPSEC, HTTP, HTTPS, network routing protocols)

Experience with open-source command-line utilities and scripting languages such as Perl, Python, Bash.

Solid information security and threat intelligence knowledge.

Experience working with network security controls (Routers, Firewalls, Proxies, ACLs, Wireless networking protocols)

Working knowledge of PCI, SOX 404, Safe Harbor, and other regulations/standards.

CISSP and/or CISA Certifications preferred.

Bachelor’s Degree or equivalent work experience.

Knowledge of scripting languages such as Perl, Python, Bash.

Experience with computer forensics and investigations.

Familiar with log management and SIEM solutions (e.g. Splunk, Nitro, Syslog-ng).

Knowledge of PCI, SOX 404, Safe Harbor, and other regulations/standards.

Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.