Risk and Compliance Engineer
Risk and Compliance Engineer
Opportunity:
LogRhythm, a leader in SIEM, empowers organizations to measurably reduce risk by rapidly detecting, responding to, and neutralizing cyberthreats. LogRhythm’s Threat Lifecycle Management workflow is the foundation for security operations centers (SOCs), helping customers secure their cloud, physical, and virtual infrastructures for IT and OT environments. The LogRhythm platform has won many accolades, including being positioned as a Leader in Gartner’s SIEM Magic Quadrant.
Overview
As a Compliance Research Engineer, you will join the LogRhythm Labs team which is responsible for delivering world class security and compliance research, analytics, and intelligence to protect our customers from damaging cyber threats and to help them adhere to, maintain, and report on compliance regulations that impact them. We empower our customers by combining actionable intelligence (compliance or threat research) with advanced analytics to address the risks that matter most. The Compliance Research Engineer will have a strong understanding of governance, regulation, and risk; they will blend that understanding with strong technology and development skills. This position will report directly to the VP of LogRhythm Labs and will be operationally supported by the Team Lead for Compliance Research.
Responsibilities
- Develop and maintain LogRhythm SIEM Compliance content. Compliance modules map specific regulatory requirements to LogRhythm content to help customers monitor and attest to their compliance with a specific regulation. A compliance module will include analytic rules, searches, reports, alerting, and integration with incident response supporting capabilities. These modules are included in our Knowledge Base and leveraged by all LogRhythm customers.
- Research emerging and existing cybersecurity compliance requirements; act as a subject matter expert in support of sales, engineering, and marketing
- Produce whitepapers, blog entries, and speak at industry conferences
- Develop, refine, and execute on LogRhythm’s compliance mission
Required Skills
- Knowledge of industry compliance regulations (i.e., PCI-DSS, HIPAA, SOX, ISO, NIST, GDPR, etc.)
- Thorough understanding of common IT Audit/security control objectives (IAM, DLP, File Integrity Monitoring, Change Control, Backup Operations, etc.) and the trail of evidence required to satisfy control steps
- A strong technical aptitude and hands on experience with technology, in general
- Ability to read compliance regulations (often written by lawyers), interpret the intent, and translate that into technological controls
- Strong written and verbal communication skills
- Bachelor’s degree in computer science, computer information systems, or related field
- Public speaking and presentation experience is a plus
- Experience in big data and advanced analytics (i.e., SIEMs, Hadoop, Elastic)
- Experience with enterprise systems auditing/logging
- Basic understanding of networking concepts (IP, DNS, OSI Model)
- Experience developing SIEM analytics, reports, and investigations
- Scripting skills (Shell, SQL, Python, Lucene, JSON, Regex)
- Relevant industry certifications (i.e. CISSP, CISA, CompTIA (SEC+, A+, Network+) GCIH, etc.)
Benefits:
LogRhythm offers the following benefits for this position, subject to applicable eligibility requirements:
· Medical | · Dental | · 401k plan | · Flexible time off |
· Vision | · HSA · FSA | · EAP | · Birthday Day off |
Salary:
The annual starting salary for this position is between 90k-120k Annually depending on experience and other qualifications of the successful candidate.