Job Description / Skills Required
Are you an experienced Information Security engineer with a solid background in SIEM (Security Information and Event Management) applications within a large-scale global infrastructure? Do you have experience with, and a demonstrable understanding of, securing and administering remote access technologies?
We need your help in enhancing visibility and creating intelligent correlation logic based on Groupon’s global SIEM architecture. You will support the continued configuration, deployment, and management of a SIEM across a global infrastructure. You will be tasked with implementing intelligent monitoring rules, handling log sources & software updates, while also helping expand SIEM coverage and visibility.
You will secure Groupon’s remote access tech to protect systems from unauthorized access and abuse. Remote access rules and policies will require integration into a global role-based access control model based on Authentication, Authorization, and Accountability (AAA) standards for access to resources, policy enforcement and auditing controls.
Though you will concern yourself with the improvement to our SIEM infrastructure and securing remote access tech, responsibilities will expand into other technical information security projects and team responsibilities over time.
We are looking for someone to be an ambassador and authority for remote access & SIEM technologies. This means you'll need excellent verbal, interpersonal, and written communication skills, as well as analytical, problem-solving and decision-making capabilities. You'll also need to be a results-oriented, high-energy person who takes pride in their work. Finally, as a remote worker, you'll be expected to work self-sufficiently across a geographically distributed team environment with integrity.
Professional Skills & Responsibilities
Maintain operational health of SIEM & remote access operations, documentation and knowledge of the latest active security threats
Assist in troubleshooting and problem solving against a wide variety of issues affecting the security of Groupon’s computing resources
Provide technical and operational support as an ambassador to IT, Engineering, Legal, and other core business units
Implement analytics-based rules to enhance and maintain visibility for the Information Security team across endpoint & network activity and audit logs
Perform analyses against large data sets to identify potentially malicious behavior and indicators of compromise
Perform security assessments against internal and external facing systems using open source and commercial tools
Implement new security technologies as required to support a dynamic/challenging business environment
Understand business needs, Engineering/IT capabilities, and security requirements to ensure a balance is maintained
4+ years experience administering SIEM technologies in global enterprise networks in a highly technical, hands-on environment
6+ years systems (Linux and Windows) or network admin experience
Experience building, implementing and tuning SIEM event correlation rules, logic, and content in a large environment to filter out security events associated with known and well-established network behavior, known false positives and/or known errors
Experience creating scheduled and ad-hoc reporting with SIEM tools
Demonstrated ability to identify security events associated with known and expected network behavior, filter out known false positives and/or known errors
Experience hardening and configuring VPNs and other remote access technologies for securing access between endpoints and data center networks
Solid understanding of Network Access Control (NAC) concepts applicable to a layered policy-based endpoint connectivity matrix
Comfortable with multi-factor authentication (MFA) methodologies, with demonstrated experience integrating MFA into enterprise systems
Strong knowledge of networking and web-related protocols (e.g., TCP, UDP, IPSEC, HTTP, HTTPS, network routing protocols), open-source command line utilities and scripting languages (Perl, Python, Bash), regulations (PCI, SOX 404, Safe Harbor, GDPR), log management and SIEM solutions (e.g., Splunk, Nitro, Syslog-ng), and network security controls (Routers, Firewalls, Proxies, ACLs, networking protocols)
CISSP and/or CISA Certifications preferred, and experience with Amazon Web Services or Vendor certification(s) in an enterprise SIEM product is a plus
Bachelor’s Degree or equivalent work experience
Experience with change control policy and procedures
Experience with computer forensics and investigations
Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.