The Cybersecurity Engineer Lead will foster the development the detection engineering and threat hunting services performed by Sherwin-William's Cyber Fusion Center (CFC). This team is responsible for creating and tuning high-fidelity detections for the company's Cybersecurity Security Operations Center (CSOC) using our Security Information and Event Monitoring (SIEM) tool and various data sources. This candidate is also responsible for Threat Hunting, Security Monitoring, and creating automations to reduce manual work and increase efficiency. Your primary focus is to create and tune detections and alerts that safeguard sensitive information from unauthorized access or harm caused by cybercriminals or malicious insiders. Assignments at this level will focus primarily on SIEM and Security Orchestration and Automated Response (SOAR) technologies that support the Cyber Fusion Center. Typically working alongside IT departments, business stakeholders, and cybersecurity engineers. This role reports directly to the CSOC manager. * Lead customization, alerting, tuning, and automation solutions for our SIEM/SOAR platform. * Configure SIEM detections and event data quality to maximize SIEM alert efficiency. * Create and tune UEBA and anomaly-based detections. * Lead development of SOPs for performing lead-driven and leadless hunts. Adjusting processes and procedures to ensure continuous improvement. * Assist management in defining roles and responsibilities for threat hunting team. * Lead monitoring of perimeter, host environment, network traffic, access and identity, applications, physical environment, cloud, and OT data sources. * Provide early and real-time alerts of intrusions, exfiltration, malware, and anomalies * Support the ingestion and management of various data sources. * Work with SIEM partners to create and enhance dashboards. * Occasionally perform investigation and triage of events and incidents. Escalate according to established playbooks in support of Incident Response process. This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa. This position has a hybrid work schedule with three days in the office and the option for working remotely two days. Formal Education & Certification * Bachelor's degree (or foreign equivalent) in a Computer Science, Computer Engineering, or Information Technology field of study (e.g., Information Technology, Electronics and Instrumentation Engineering, Computer Systems Management, Mathematics) or equivalent experience. Knowledge & Experience 8+ years IT experience. 5+ years of experience Working within a Cybersecurity Engineering team. Experience with creating and tuning detection rules Experience leading lead-driven and leadless hunts. Experience identifying and implementing solutions to complex business problems. Understanding of various operating systems (z/OS, Window, UNIX, Linux, AIX, etc.). Understanding of log ingestion and complex data sources. Preferred Experience * Experience with SIEM/SOAR solutions, such as Splunk or Sumo Logic. * Experience in a Security Operations Center (SOC) or working with a MSSP. * Experience working with a Threat Intelligence Platform (TIP) and integrating into a SIEM solution. * Experience with User and Entity Behavior Analytics (UEBA). * Experience with virtualization and container application technologies such as VMWare and Docker. * Project Management. * Experience with scripting and automation. * Utilize key performance indicators to track log source availability. Personal Attributes Strong analytical, conceptual, and problem-solving abilities. Strong written and oral communication skills. Strong presentation and interpersonal skills. Ability to conduct research into