Are you an experienced Information Security engineer with a strong background in SIEM (Security Information and Event Management) applications within a global infrastructure?  Do you have experience with a demonstrable understanding around securing and administering remote access technologies?

This job will focus on enhancing visibility and creating intelligent correlation logic based on Groupon’s global SIEM architecture.  This position will support the continued configuration, deployment, and management of a SIEM across a global infrastructure. You will be tasked with implementing intelligent behavior-based monitoring rules, handling log sources & software updates, while also helping expand SIEM coverage and visibility.

Initial responsibilities will also involve securing Groupon’s remote access technologies to protect systems from unauthorized access and abuse.  Remote access rules and policies will require integration into a global role based access control model based on Authentication, Authorization, and Accountability (AAA) standards for securing access to resources, policy enforcement and proper auditing controls.

Though this position’s primary foundations will focus on enhancement to our SIEM infrastructure and securing remote access technologies, responsibilities will expand into other technical information security projects and team responsibilities over time.

Does this sound like you?

• Excellent verbal, interpersonal, and written communication skills

• Excellent analytical, problem-solving and decision-making capabilities

• Can effectively work self-sufficiently across a geographically distributed team environment with integrity

• Is a results oriented, high energy person who takes pride in their work

Professional Skills & Responsibilities

• Act as the local subject matter expert and ambassador for remote access & SIEM technologies to the rest of Groupon, including leadership

• Maintain operational health of SIEM & remote access operations, documentation and knowledge of the latest active security threats

• Assist in troubleshooting and problem solving against a wide variety of issues and issues affecting the security and operational health of Groupon’s computing resources

• Provide technical and operational support as an ambassador for the Information Security team to IT, Engineering, Legal, and other core business units

• Implement analytics-based rules to enhance and maintain visibility for the Information Security team across endpoint & network activity and audit logs

• Perform analyses against large data sets to identify potentially malicious behavior and indicators of compromise

• Perform technical security assessments against internal and external facing systems using open source and commercial tools

• Implement new security technologies as required to support a dynamic/challenging business environment

• Understand business needs, Engineering/IT capabilities, and security requirements to ensure a proper balance is maintained

Technical Expectations

• 4+ years experience administering SIEM technologies in global enterprise networks in a highly, technical hands-on environment

• 6+ years systems (Linux and Windows) or network admin experience

• Experience building, implementing and tuning SIEM event correlation rules, logic, and content in a large environment to filter out security events associated with known and well-established network behavior, known false positives and/or known errors

• Experience creating scheduled and ad-hoc reporting with SIEM tools

• Demonstrated ability to identify security events associated with known and expected network behavior, filter out known false positives and/or known errors

• Experience hardening and configuring VPNs and other remote access technologies for securing access between endpoints and data center networks

• Solid understanding of Network Access Control (NAC) concepts applicable to a layered policy-based endpoint connectivity matrix

• Must be familiar with multi-factor authentication (MFA) methodologies and demonstrate experience integrating MFA into enterprise systems

• Strong knowledge of networking and web related protocols (e.g., TCP, UDP, IPSEC, HTTP, HTTPS, network routing protocols), open-source command line utilities and scripting languages (Perl, Python, Bash), regulations (PCI, SOX 404, Safe Harbor, GDPR), log management and SIEM solutions (e.g. Splunk, Nitro, Syslog-ng), and network security controls (Routers, Firewalls, Proxies, ACL’s, networking protocols)

• CISSP and/or CISA Certifications preferred

• Bachelor’s Degree or equivalent work experience

• Experience with computer forensics and investigations

• Vendor certification(s) in an enterprise SIEM product is a plus

• Experience with change control policy and procedures

• Experience with Amazon Web Services a plus

Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.