Information Security Engineer – SIEM

Job Description / Skills Required

Can you keep the data of 49 million global customers safe?

Are you an experienced Information Security engineer with experience administering Security Information and Event Management (SIEM) applications? Do you have experience as an information security engineer with a demonstrable understanding of SIEM products and functionality?

This job will focus on enhancing visibility and creating intelligence based on Groupon’s global SIEM architecture. You will share responsibility to ensure the safety of Groupon’s information systems assets and to protect systems from unauthorized access and abuse.

This position will support the continued configuration, deployment, and management of Groupon’s SIEM solution across a global infrastructure. You will be tasked with implementing intelligent behavior-based monitoring rules, handling log sources & software updates, while also helping expand SIEM coverage and visibility.

Your work will also encompass the systems and mechanisms used for host-based intrusion detection and prevention. You will have knowledge of systems like OSSEC and be able to design, install, configure, and integrate them with the SIEM infrastructure.

Though the initial project focus will be enhancement to our SIEM infrastructure, your responsibilities will expand into other technical information security projects and team responsibilities over time.

Does this sound like you?

Excellent verbal, interpersonal, and written communication skills
Excellent analytical, problem-solving and decision-making capabilities
Can effectively work self-sufficiently across a geographically distributed team environment with integrity
Is a results-oriented, high-energy person who takes pride in their work

Professional Skills & Responsibilities

Act as the local subject matter expert and ambassador for Groupon’s SIEM solution to the rest of Groupon, including leadership
Maintain SIEM operations, documentation and knowledge of the latest active security threats
Assist in troubleshooting and problem solving a wide variety of client issues and issues affecting the security of Groupon’s computing resources
Provide technical and operational security support to IT, Engineering, Legal, and business units
Implement analytics-based rules to enhance and maintain visibility for the Information Security team across endpoint & network activity and audit logs
Perform analyses against large data sets to identify potentially malicious behavior
Perform technical security assessments against internal and external facing systems using open source and commercial tools
Implement new security technologies as required to support a dynamic/challenging business environment
Understand business needs, Engineering/IT capabilities, and security requirements to ensure a proper balance is maintained

Technical Expectations

8+ years software development experience
4+ years of experience administering SIEM technologies in global enterprise networks and administering Linux and Windows servers, plus information security experience, in a highly technical, hands-on environment
Experience building, implementing and tuning SIEM event correlation rules, logic, and content in a large environment to filter out security events associated with known and well-established network behavior, known false positives and/or known errors
Experience creating scheduled and ad-hoc reporting with SIEM tools
Strong knowledge of networking and web-related protocols (e.g., TCP, UDP, IPSEC, HTTP, HTTPS, network routing protocols), open-source command line utilities and scripting languages (Perl, Python, Bash), regulations (PCI, SOX 404, Safe Harbor), log management and SIEM solutions (e.g., Splunk, Nitro, Syslog-ng), and network security controls (Routers, Firewalls, Proxies, ACLs, networking protocols)
CISSP and/or CISA Certifications preferred
Bachelor’s Degree or equivalent work experience
Experience with computer forensics and investigations
Vendor certification(s) in an enterprise SIEM product is a plus
Experience with change control policy and procedures
Experience with Amazon Web Services a plus

Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.