What are the responsibilities and job description for the Security Observability Engineer position at South Carolina Department of Administration?
Security Observability Engineer
The Department of Administration's Division of Information Security (DIS) is seeking a Security Observability Engineer to join our top-performing team! DIS is responsible for establishing statewide policies, standards, programs, and services related to cybersecurity and information systems. This position will work as a Security Observability Engineer within the DIS security team and will assist with implementing, integrating, and operationalizing security technologies. Now is an exciting time to join state government! We have prioritized maturing our security posture and look to lean on innovative thinkers to continue the evolution. We are service-minded and believe our purpose is to protect our home state. If you are a forward-thinking security leader with an actionable mindset and want to make a difference, join us in our effort to protect South Carolina. You will have the opportunity to impact decisions, build teams, and ultimately mold the security practices that will protect our state! Come join the journey and positively affect South Carolina government systems!
Responsibilities of the Security Observability Engineer include:
- Engineer and implement centralized security log collection from a wide range of log source types, and parse, normalize, and transform those logs for use in advanced use cases and SIEM correlation.
- Manage and implement various methods of centralized network flow collection and incorporate the data into SIEM use case enrichment. Incorporate threat intelligence, asset inventory, identity management, passive DNS, geolocation tools, and other sources to enrich SIEM alerts.
- Implement automation of routine security tasks, perform OS updates, and administer security tools on a distributed network of security sensors.
- Other duties as assigned.
Minimum and Additional Requirements
A bachelor's degree in information technology or a related field and experience in computer science, management information science, networking-telecommunications, and/or data processing in either an on-premises, cloud-based or hybrid environment to include experience in a security-focused role. Relevant experience may substitute for the bachelor's degree on a year-for-year basis.
Additional Requirements:
- Minimum of five (5) years' experience in system administration of Linux and Windows servers, firewalls and SIEMs.
- Skills in information security systems and processes, such as intrusion detection, investigation and eradication, incident response, threat assessment and analysis, and security event correlation and monitoring.
- Must possess skills and experience in Linux command line system administration as well as Windows agent management.
- Log management and transformation suite expertise and SIEM administration are preferred skill sets.
Preferred Qualifications
- Experience in Bash and Python scripting is also preferred.
- Security related certifications are preferred.
Salary: $83,219 - $153,973