SIEM Engineer-Global Security
Crown Holdings - Chicago, IL
Job Description
Overview
Crown Holdings, Inc. is a global leader in the design, manufacture, and sale of packaging products for consumer goods. At Crown, we are passionate about helping our customers build their brands and connect with consumers around the world. We do this by delivering innovative packaging that offers significant value for brand owners, retailers, and consumers alike. With operations in 47 countries employing over 33,000 people and net sales of over $11 billion, we are uniquely positioned to bring best practices in quality and manufacturing to our customers to drive their businesses locally and globally. Sustaining a leadership position requires us to build a team of highly talented, dedicated, and driven individuals.

Department Overview
The Global Information Security Team’s mission is “protect Crown’s global information systems, data and employees from cyber-based security threats while ensuring the confidentiality, integrity and availability of information used by the Crown business units to produce world class sustainable packaging solutions to our customers”.

Location
This is an office-based position in Yardley PA, and individuals are expected to be in the office daily. Crown offers a flexible work hour schedule.

Summary of Position
The SIEM Engineer position is a cornerstone of our security operations, responsible for architecting, building, and mastering our threat detection and response ecosystem within Azure Sentinel. This is a deeply technical, hands-on role for a professional who thrives on managing the entire security data pipeline—from architecting log ingestion from multi-cloud sources to developing sophisticated KQL analytics and automated SOAR playbooks. More than just a platform administrator, this position is empowered to strategically enhance our security posture by creating insightful dashboards, defining the metrics that measure our success, and spearheading the development of our proactive threat hunting program.

Job Requirements

Responsibilities
Lead the design, deployment, and continuous improvement of our Azure Sentinel environment.
Ensure the health, performance, and availability of the SIEM platform, including Log Analytics Workspaces and Azure Data Explorer clusters.
Manage data retention, archiving, and cost optimization strategies for security logs.
Develop and manage data connectors to ingest logs from a wide variety of on-premise and multi-cloud (Azure, AWS) sources, including network devices, endpoints, applications, and identity providers.
Create and maintain parsing and normalization rules (ASIM) to ensure log data is structured, consistent, and ready for analysis.
Troubleshoot issues with log sources, data connectors, and parsing functions.

Detection, Automation, & Metrics:
Develop, test, and tune high-fidelity analytics rules in KQL to detect emerging threats, mapping detections to frameworks like MITRE ATT&CK.
Build and maintain Azure Logic Apps (SOAR playbooks) to automate incident enrichment, notification, and response actions.
Design and develop interactive Azure Workbooks (dashboards) to provide real-time visibility for the Security Operations Center (SOC).
Create and track key incident response metrics, such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), to measure program effectiveness.
Participate in Incident Response Exercises and tabletop simulations or other security-related drills.

Threat Hunting Practice Development:
Establish and lead a proactive threat hunting program within the SIEM.
Formulate hypotheses based on threat intelligence and an understanding of our environment.
Utilize advanced KQL queries and big data analytics to hunt for indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that evade traditional detections.
Translate successful threat hunts into new, automated detection rules.

Education & Certifications
Bachelor’s degree in Information Systems, Computer Science, or equivalent experience
Preferred security certifications: Relevant industry certifications (e.g., Microsoft SC-200, AZ-500, CISSP, GCIH).

Technical Expertise
Relevant industry certifications (e.g., Microsoft SC-200, AZ-500, CISSP, GCIH).
Experience in building a threat hunting practice from the ground up.
Strong data visualization skills and experience creating meaningful dashboards and reports for both technical and executive audiences.
Knowledge of infrastructure-as-code (IaC) for deploying and managing Azure resources (e.g., Bicep, ARM templates).
Experience in a hybrid environment with both on-premise and multi-cloud infrastructure.

Core Competencies
Excellent communication skills, translating technical concepts for all audiences
Leadership in performance management, issue resolution, negotiation, and team motivation
Experience collaborating with diverse teams across multiple countries and cultures
Advanced problem-solving and troubleshooting skills
Quality driven with exceptional attention to detail
Strong organizational and prioritization skills

Travel

Crown is an equal opportunity employer. Crown does not discriminate against any candidate or employee on the basis of race, national origin, sex, marital status, sexual orientation, age, disability, religion, veteran status, or any other status protected by law.
Created: 2025-09-17