KPMG Ukraine

Cyber_MS_MDR Cyber Enablement Tableau Dashboard/Reporting - Consultant

KPMG Ukraine  •  Bengaluru, IN (Onsite)  •  6 hours ago

Job Description

Key Responsibilities:

  1. Data Pipeline Establishment:
    • Develop robust data ingestion pipelines to collect and ingest telemetry data from cyber tools such as ServiceNow/CMDB, Qualys/Aqua, Splunk, EDR/XDR, and CSPM/Wiz.io into the cyber data lake.
    • Implement procedures for data transformation and normalization to support consistent data structures mapped to OCSF models.
  2. Data Model Development and Maintenance:
    • Design and maintain OCSF-compliant data models and schemas within Databricks to ensure efficient data management and integration.
    • Continually update and refine data models to accommodate new tools and data types.
  3. Deduplication and Correlation:
    • Implement queries or algorithms for data deduplication to eliminate redundant alerts as required.
    • Develop methods to correlate related events or incidents across multiple data sources for holistic security insights.
  4. Monitoring and Alerting:
    • Develop and deploy advanced monitoring and alerting mechanisms to analyze integrated data for generating actionable insights.
    • Utilize rules or anomaly detection models to identify potential security threats.
  5. Reporting and Presentation:
    • Design and implement reporting formats and dashboards to present actionable insights, aligning with GEV's standards and requirements.
    • Ensure reports meet the rigors of structured reporting formats.
  6. Automated Data Management:
    • Establish automated data refresh and update processes to ensure the cyber data lake consistently receives the latest telemetry data.
    • Guarantee seamless integration and updates to the monitoring operations.
  7. Continuous Health Monitoring:
    • Execute real-time monitoring processes to track and analyze integrated data, enabling quick detection and response to security incidents or threats.
    • Work collaboratively with incident response teams to improve threat detection and mitigation strategies.

Core Responsibilities:

  8. Dashboard Operation and Maintenance:
    • Manage and optimize reporting dashboards to ensure accurate and comprehensive visibility into cybersecurity metrics, trends, and performance indicators.
    • Regularly update dashboard functionality to align with changes in GEV's technology and data platforms.
  9. Metrics Analysis and Reporting:
    • Analyze approximately 70 cyber metrics monthly, including critical "CISO level" metrics such as cyber budget spend, MFA compliance, and vulnerability mitigation.
    • Conduct root cause analyses for off-target metrics using analytic tools like Pareto charts and 5 Why’s analysis, and document corrective actions.
  10. Commentary and Contextualization:
    • Provide detailed monthly reports with contextual commentary sourced from various cyber domains, offering insights into performance fluctuations.
    • Generate additional ad hoc reports for metrics in need of immediate attention, using prescribed formats (e.g., bar charts, line graphs).
  11. Continuous Improvement and Adaptation:
    • Support evolving cyber needs through agreed-upon customization, integration changes, and reporting modifications.
    • Revise Standard Operating Procedures (SOPs) to align with technological updates and changes in leadership direction, ensuring robust version control.
  12. Documentation and Governance:
    • Adhere to GEV's documentation standards, policies, and governance frameworks, ensuring compliance in all reporting and record-keeping activities.
    • Implement change management practices to track and manage updates to SOPs, maintaining traceability and rollback capabilities.
  13. Problem-Solving and Communication:
    • Conduct detailed reviews of performance metrics, prioritize issues, and present findings and corrective actions to domain leaders and the global CISO team.
    • Facilitate effective communication across cyber domains to ensure alignment and understanding of metrics and corrective measures.

Qualifications:

  • 5+ years of relevant experience in data engineering, cybersecurity monitoring, and system integration processes.
  • Proficiency in working with Databricks or similar data store systems.
  • Knowledge of OCSF models and frameworks.
  • Programming and scripting skills for data transformation and pipeline development, and database query languages.
  • Familiarity with cybersecurity tools like ServiceNow, Qualys, Splunk, EDR/XDR, and CSPM/Wiz.io.
  • Experience in developing monitoring and alerting mechanisms.
  • Proven ability to design effective reporting formats and dashboards.
  • Strong analytical skills for data correlation and deduplication tasks.
  • Excellent communication skills for conveying insights and collaborating with teams.

Preferred Qualifications:

  • Certifications in data engineering, cybersecurity, and relevant fields.
  • Experience with machine learning models for anomaly detection.
  • Familiarity with data governance and compliance in cybersecurity contexts.
  • Experience using metrics tooling, reporting dashboards, PowerBI, Tableau, and Databricks.
  • Data visualization and dashboard development.


About KPMG Ukraine

KPMG is an international network of firms providing audit, tax and advisory services. More than 273,000 people work in KPMG offices in 143 countries (FY23). Each KPMG firm is an independent legal entity and describes itself as such.

KPMG has been working in Ukraine since 1992. KPMG in Ukraine provides audit, tax, accounting and advisory services to local and international companies. Our goal has always been to use the firm's global intellectual potential, combined with the practical experience of our Ukrainian professionals, to help leading companies achieve their goals.

The company's offices are located in Kyiv and Lviv.

______________

KPMG is a global network of professional services firms providing audit, tax and advisory services. We operate in 143 countries and territories, and in FY23, collectively employed more than 273,000 people working in member firms around the world.

KPMG in Ukraine provides audit, tax, accounting and advisory services to local and international businesses. KPMG has been working in Ukraine since 1992, and our goal has always been to use the firm's global intellectual potential, combined with the practical experience of our Ukrainian professionals, to help leading companies to achieve their goals.

In Ukraine KPMG has its offices in Kyiv and Lviv.

Industry: Consulting & Advisory
Company Size: 201-500 employees
Headquarters: Kyiv, UA
Year Founded: 1992
Website: kpmg.com