Principal SIEM Engineer, VP, P5 at Morgan Stanley

Baltimore, Maryland, United States -

Full Time

Start Date

Immediate

Expiry Date

28 Jan, 26

Salary

190000.0

Posted On

30 Oct, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Cyber Detection Engineering, Incident Response, Network Security, Endpoint Detection, Computer Forensics, Detection Logic Management, SIEM Rule Tuning, Correlation Logic, Exploitation Techniques, TCP/IP, Unix/Linux, SOAR Automation, Indicators of Compromise, Query Language, Streaming Data Frameworks, CI/CD Technology

Industry

Financial Services

Description

Supervise and govern the development of analytics in Splunk (SPL) or Elastic Search (EQL) to detect actionable security alerts Develop and fine-tune advanced detection rules, alerting mechanisms, and use cases to identify and respond to sophisticated security threats Create comprehensive security metrics, reports, dashboards, providing detailed insights into the organization's security posture Ensure that the SIEM solution complies with global regulatory standards and industry best practices Mentor and guide SIEM engineers, fostering a culture of continuous learning and development within the team Participate in the development of the organization's security strategy and contribute to its execution Monitor and support SIEM platforms to ensure security and stability of SOC infrastructure Provide day-to-day leadership and oversight for the SIEM engineering team, ensuring alignment with strategic goals and operational priorities Facilitate regular team standups, retrospectives, and planning sessions to promote transparency and accountability Coach team members on technical and professional growth, offering constructive feedback and career development support Champion a collaborative and inclusive team culture that encourages innovation, ownership, and continuous improvement Identify and address skill gaps through targeted training, mentoring, and knowledge-sharing initiatives Act as a point of escalation for technical challenges and team dynamics, resolving issues with empathy and decisiveness Collaborate with cross-functional teams to ensure seamless integration of SIEM capabilities into broader cyber response workflows Skills required (essential) Minimum of 10 years of experience in cyber detection engineering or incident response Strong understanding of network security, endpoint detection and computer forensics Experience in the creation and management of detection logic in SIEMs (e.g Elastic Search, Splunk, ArcSight, Microsoft Sentinel) Experience with SIEM rule tuning, correlation logic, alert de-duplication and false-positive reduction techniques Strong knowledge of exploitation techniques (e.g. MITRE ATT&CK) and use-case development Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP) Highly experienced with Unix/Linux command-line tools and shell scripting Experience developing automations in SOAR (e.g. Palo Alto XSOAR, SumoLogic, Swimlane) Experience within the application of Indicators of Compromise (e.g. YARA rules, STIX and TAXII) Strong hands-on experience with a query language (e.g Splunk's SPL or Elastic's EQL, SQL) Experience with streaming data frameworks (e.g. Kafka, NiFi, Spark) Experience with CI/CD technology (e.g Jenkins, GitLab CI, GitHub Actions) Experience in the administration of systems (e.g. servers, desktops) or security controls (AV, Endpoint, IDS) Intermediate experience developing scripts in Python Strong communication, task management and organizational skills Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren't just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There's also ample opportunity to move about the business for those who show passion and grit in their work. To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices into your browser. Expected base pay rates for the role will be between $135,000 to $190,000 per year at the commencement of employment. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees. It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.

Responsibilities

Supervise the development of analytics in SIEM tools to detect actionable security alerts and ensure compliance with regulatory standards. Mentor the SIEM engineering team and contribute to the organization's security strategy and execution.