Sherwin-Williams

IT Technical Security Analyst III

Posted on: 24 Mar 2021

Cleveland, OH

Job Description

Here, we believe there's not one path to success, we believe in careers that grow with you. Whoever you are or wherever you come from in the world, there's a place for you at Sherwin-Williams. We provide you with the opportunity to explore your curiosity and drive us forward. We'll give you the space to share your strengths and we want you to show us what you can do. You can innovate, grow and discover in a place where you can thrive and Let Your Colors Show!

Sherwin-Williams values the unique talents and abilities from all backgrounds and characteristics. All qualified individuals are encouraged to apply, including individuals with disabilities and Protected Veterans.

The IT Technical Security Analyst core function is to develop and maintain the Corporate Threat Management program. Assignments at this level will focus primarily on Security information and event management (SIEM) and Security Orchestration and Automated Response (SOAR) technologies. Candidates must be highly analytical, technically competent, and comfortable bringing different elements of the business together in initiatives of all sizes. An ability to plan for future Threat Program needs requires staying informed of current events in technology platforms and the security industry.

Essential Functions

Operational Management

* Manage SIEM core and Enterprise Security module.
* Ensure onboarding of log sources includes mapping to appropriate data models and that monitoring solutions are in place to detect log ingest failures.
* Assist in administration and management of SOAR solution with analysis for process improvement and implementation support.

Strategy & Planning

* Engage other teams within Information Security group and non-IT departments in automation efforts that will benefit the business but require integration with additional technologies.
* Work with the business to refine policies and standards around SIEM / SOAR related technologies.
* Assist Security Operations Center (SOC) as required in investigations and incident response.
* Ability to build signature-based alerts within SIEM when given concepts for detection and the ability to communicate what the outcome is meant to deliver.
* Collaborate with business, peers, and vendors to drive robust prevention, detection, and remediation methodologies.
* Coordinate with the business on windows for SIEM / SOAR technology updates.
* Work with business as needed to report spikes in data ingest and ensure no long-term impact on ingest volumes outside of license allowance.
* Ensure documentation and testing of SIEM / SOAR solution disaster recovery and backup / redundancy plans.
* Stay abreast of business and technological developments to properly prepare threat program's future posture.
* Represent Threat Program in Governance Board meetings as needed.

Acquisition & Deployment

* Perform compliance assessments for new program security tools.
* Work with the business to evaluate whether logs from new technologies are worth ingesting into the SIEM.

Incidental Functions

* Assist with other projects as may be required to contribute to efficiency and effectiveness of the group.
* Travel may be required but should not exceed 10% of work time.
* Work outside the standard office 7.5 hour workday may be required with on-call availability.
* Minimal travel is required.
* Work outside the standard office 7.5 hour workday may occasionally be required, as well as willingness to be on call for after-hours support.

Position Requirements

Formal Education & Certification

* Bachelor's degree or foreign equivalent in related field or equivalent work experience.
* Splunk Core, Cloud, Enterprise Security certification preferred.
* Lean, CISSP, SANS GIAC, or CompTIA Security+ certifications preferred.

Knowledge & Experience

* 2+ years IT experience.
* 2+ years IT Security experience.
* Experience with SIEM solutions such as ArcSight, Splunk, AlienVault, etc.
* Experience with Splunk Enterprise Security module.
* Experience ingesting cloud-based logs such as AWS, Azure, Google Cloud into SIEM.
* Background in metrics/reporting.
* Understanding of various operating systems (z/OS, Windows, UNIX, Linux, AIX, etc.).

Preferred Experience and Certification

* Experience creating risk-based or user behavior analytics.
* Project Management experience.
* Experience with the Python programming language.
* Understanding of NIST or MITRE Framework.
* Experience in process analysis and improvement.
* Understanding of Threat Analysis and Threat Intelligence.
* Experience with Vulnerability Management products such as Qualys, Rapid7, etc.
* Utilize key performance indicators to track analyst workloads as well as the efficiency of detection signatures/rules and associated monitoring technologies.
* Benchmark and implement industry best practices to mitigate potential threats.
* Support the preparation of appropriate reports and communicate status and results.

Personal Attributes

* Strong analytical, evaluative, and problem-solving abilities.
* Ability to motivate in a team-oriented, collaborative environment.
* Ability to set and manage priorities.
* Strong written and oral communication skills.
* Strong interpersonal skills.
* Ability to present ideas in business-friendly and user-friendly language.
* Self-motivated and directed.
* Keen attention to detail.

Must be legally authorized to work in country of employment without sponsorship for employment visa status now or in the future.

Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.

As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.

LI-Remote

Sherwin-Williams

Cleveland, OH

The Sherwin-Williams Company develops, manufactures, distributes, and sells paints, coatings, and related products to professional, industrial, commercial, and retail customers. It operates in three segments: The Americas Group, Consumer Brands Group, and Performance Coatings Group. The Americas Group segment offers architectural paints and coatings, and protective and marine products, as well as OEM product finishes and related products for architectural and industrial paint contractors and do-it-yourself homeowners.

The Consumer Brands Group segment provides branded and private-label architectural paints, stains, varnishes, industrial products, wood finishes products, wood preservatives, applicators, corrosion inhibitors, aerosols, caulks, and adhesives to retailers and distributors. The Performance Coatings Group segment develops and sells industrial coatings for wood finishing and general industrial applications, automotive refinish products, protective and marine coatings, coil coatings, packaging coatings, and performance-based resins and colorants.

It serves retailers, dealers, jobbers, licensees, and other third-party distributors through its branches and direct sales staff, as well as through outside sales representatives. The company has operations primarily in North and South America, the Caribbean, Europe, Asia, and Australia. As of February 19, 2019, it operated approximately 4,900 company-operated stores and facilities. The company was founded in 1866 and is headquartered in Cleveland, Ohio.