The Hanover Insurance Group is committed to delivering on their promises and being there when it matters the most. They are seeking a highly experienced and skilled Senior Data Protection Engineer to join their IT Security organization, responsible for the administration, maintenance, and optimization of the organization's SIEM and IDS/IPS platforms.
Responsibilities:
- Manage, maintain, and optimize the on‑premise SIEM platform, including log ingestion, parsing, correlation rules, dashboards, and alerting
- Ensure SIEM availability, performance, and scalability to support enterprise security monitoring needs
- Develop and tune detection rules, correlation logic, and use cases aligned with threat intelligence and organizational risk
- Oversee log source onboarding, configuration, and validation across servers, applications, network devices, and security tools
- Conduct regular SIEM health checks, capacity planning, and lifecycle management
- Administer and maintain on‑premise IDS/IPS platforms, ensuring accurate detection and prevention of malicious activity
- Tune signatures, policies, and rulesets to reduce false positives while maintaining strong detection coverage
- Monitor IDS/IPS performance, availability, and event trends to identify anomalies or operational issues
- Coordinate with network and security teams to implement policy updates, rule changes, and architectural improvements
- Ensure both SIEM and IDS/IPS solutions are aligned with security governance frameworks, compliance requirements, and organizational policies
- Maintain documentation for system configurations, processes, runbooks, and governance controls
- Support audit activities by providing evidence, reports, and system configuration details
- Participate in incident response activities by providing SIEM/IDS/IPS insights, event analysis, and technical expertise
- Evaluate emerging threats and recommend enhancements to detection logic and monitoring capabilities
- Collaborate with architecture and leadership teams to align SIEM and IDS/IPS strategies with long‑term security objectives
- Identify opportunities to automate processes, improve detection fidelity, and enhance operational efficiency
Requirements:
- Minimum 5 years of hands‑on experience administering, managing, and maintaining an on‑premise SIEM security solution and an on‑premise IDS/IPS security solution
- Demonstrated experience ensuring high availability, governance alignment, and operational effectiveness of security monitoring technologies
- Strong understanding of SIEM architecture, log ingestion pipelines, correlation logic, and event normalization
- Expertise with IDS/IPS technologies, signature tuning, network traffic analysis, and threat detection methodologies
- Proficiency with security log formats (syslog, JSON, CEF, LEEF, etc.)
- Familiarity with network protocols, firewall rules, and enterprise network architecture
- Experience with Linux/Windows server administration as it relates to security tooling
- Ability to analyze security events, identify patterns, and support incident response
- Strong analytical and problem‑solving abilities
- Excellent communication skills for cross‑team collaboration
- Ability to work independently in a remote environment while managing multiple priorities
- Detail‑oriented mindset with a commitment to governance, documentation, and operational discipline
- Industry certifications such as: GIAC (GCIA, GCDA, GCED, GMON), CompTIA Security+ / CySA+, CISSP or equivalent
- Experience with automation (Python, PowerShell, or similar)
- Familiarity with threat intelligence platforms and frameworks (MITRE ATT&CK, NIST CSF)