Ally Security Engineering Manager in Charlotte, North Carolina

Ally and Your Career

Ally Financial only succeeds when its people do - and that’s more than some cliche people put on job postings. We live this stuff! We see our people as, well, people - with interests, families, friends, dreams and causes that are all important to them. Our focus is on the health and safety of our teammates as well as work-life balance and diversity and inclusion. From generous benefits to a variety of employee resource groups, we strive to build paths that encourage employees to stretch themselves professionally. We want to help you grow, develop, and learn new things. You’re constantly evolving, so shouldn’t your opportunities be, too?

The Opportunity

The Security Engineering Manager is responsible for a broad range of responsibilities. The ideal candidate must possess strong technical and soft skills with Security Information and Event Management (SIEM) technologies and event log collection. The Security Engineering Principal will work closely with Management, other senior security staff members, the Security Operations Center (SOC), Incident Response (IR) team, and other internal organizations to serve as the subject matter expert for SIEM-related activities from data source onboarding and ingest, to indexing, CIM compliance and Data Model development.

The Work Itself

* Develop and maintain the technology roadmap for the deployment and ongoing operations of Splunk Enterprise Security software and appliance-based products across a large and diverse enterprise.
* Architect integrations of various data sources with Splunk.
* Partner with various internal teams to develop and tune security monitoring in the SIEM.
* A key point of escalation for other security engineers and analysts, provide guidance and mentoring using adaptive communication style that promotes learning.
* Create or direct the creation of operational security metrics via the most efficient method (i.e. dashboards, reports).
* Responsible to help drive the security-related data collection methodologies across the enterprise.
* Be proactive in tracking information security trends, standards and practices to identify needs for enhancing or developing security solutions.
* Identify security considerations for design and deployment of new applications, technologies, and solutions across the enterprise.
* Create, review, and revise use cases to support content within SIEM tools, working in partnership with the Detection team.
* Direct and propose new network monitoring and security operations to drive a risk based approach to threat detection.
* Design, develop, and implement SIEM ingestion pipelines that scale to the needs of data ingestion for the SIEM.
* Experience on-boarding data that meets CIM standards and integration of threat intelligence feeds.
* Recommends various automation requirements to facilitate security event handling.
* Reviews, prepares or presents executive-level key reporting around SIEM detections and alerting.
* Promote awareness of applicable security policies and standards.
* Work with the SOC, incident response team, and security engineering team on security tools monitoring and implementations.
* Provide risk assessments on new IT systems and provide necessary SIEM implementation.
* Provide technical support in security logs, feeds, and raw sources into SIEM for data security analytics.
* Develop integration and detection policies for Threat Intelligence Platform, Security Orchestration Automation and Response system, and case management system.
* Develop sophisticated queries in SIEM from Network, platform, Database, AD, and EDR logs.

The Skills You Bring

* Knowledge of Log Management Platforms experience (Splunk, Elasticsearch, Logstash, Kibana – ELK / Elastic Stack).
* Experience with extending Splunk CIM data models and designing and maintaining data model enabled content (correlation searches, dashboards, etc.)
* Strong Security Operations background in SOC, Defense (Red Team/ Blue Team), SIEM, Incident Response, and Threat Intelligence, etc.
* Knowledge of serverless pipelines in Azure and AWS to ensure scalability for log delivery to the SIEM.
* Knowledge of automation and orchestration integration with Splunk Enterprise Security
* Prefer one of the following general certifications: CISSP, CISM, CISA or equivalent
* Prefer an application-specific certification: Splunk Certified Admin
* Prefer an AWS Operations or Security certification.
* Excellent Communications in English.
* 5+ years experience deploying and operating large, enterprise-wide Splunk (both OnPrem and cloud) including deep experience with Splunk Enterprise Security
* 5+ years experience leading deployment and operations teams
* 3+ years experience in Linux.
* 3+ years experience with Python, PowerShell and other scripting languages.

How We’ll Have Your Back

Ally's compensation program offers market-competitive base pay and pay-for-performance incentives (bonuses) based on achieving personal and company goals. But Ally’s total compensation – or total rewards – extends beyond your paycheck and is designed to support and enrich your personal and professional life, including:

* Time Away: competitive holiday and flexible paid-time-off, including time off for volunteering and voting.
* Planning for the Future: plan for the near and long term with an industry-leading 401K retirement savings plan with matching and company contributions, student loan and 529 educational assistance programs, tuition reimbursement, and other financial well-being programs.
* Supporting your Health & Well-being: flexible health and insurance options including dental and vision, pre-tax Health Savings Account with employer contributions and a total well-being program that helps you and your family stay on track physically, socially, emotionally and financially.
* Building a Family: adoption, surrogacy, and fertility support as well as parental and caregiver leave, back-up child and adult/elder day care program and child care discounts.
* Work-Life Integration: other benefits including LifeMatters® Employee Assistance Program, subsidized and discounted Weight Watchers® program and other employee discount programs.

Who We Are

Ally Financial is a customer-centric, leading digital financial services company with passionate customer service and innovative financial solutions. We are relentlessly focused on "Doing it Right" and being a trusted financial-services provider to our consumer, commercial, and corporate customers. For more information, visit www.ally.com.

Ally is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity or expression, pregnancy status, marital status, military or veteran status, genetic disposition or any other reason protected by law.

We are committed to working with and providing reasonable accommodation to applicants with physical or mental disabilities. For accommodation requests, email us at work@ally.com. Ally will not discriminate against any qualified individual who is capable of performing the essential functions of the job with or without reasonable accommodation.

2E Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
