General information

Career area
Work Location(s)
500 Woodward Avenue, Detroit, MI, 601 S. Tryon Street, Charlotte, NC, 7800 Shoal Creek Blvd, Austin, TX
Ref #
Posted Date
Wednesday, January 26, 2022
Working time

Ally and Your Career

Ally Financial only succeeds when its people do - and that’s more than some cliché people put on job postings. We live this stuff! We see our people as, well, people - with interests, families, friends, dreams, and causes that are all important to them. Our focus is on the health and safety of our teammates as well as work-life balance and diversity and inclusion. From generous benefits to a variety of employee resource groups, we strive to build paths that encourage employees to stretch themselves professionally. We want to help you grow, develop, and learn new things. You’re constantly evolving, so shouldn’t your opportunities be, too?

The Opportunity

At Ally, you get a startup feel, but experience the benefits of a company that’s worked out the kinks and is fulfilling its purpose. We’re always evolving and see that as a good thing. From owning our work to seeing its impact in the real world, our team is relentless in finding new ways technology can help make experiences better and help people. We are problem solvers, we value diverse thinking, we support one another, and we challenge ourselves to think bigger in the journey to deliver customer-obsessed tech solutions.

The Security Engineering Manager has a broad range of responsibilities. The ideal candidate must possess strong technical and soft skills with Security Information and Event Management (SIEM) technologies and event log collection. The Security Engineering Principal will work closely with management, other senior security staff members, the Security Operations Center (SOC), the Incident Response (IR) team, and other internal organizations to serve as the subject matter expert for SIEM-related activities, from data source onboarding and ingest to indexing, CIM compliance, and data model development.

The Work Itself

  • Help maintain the technology roadmap for the deployment and ongoing operations of Splunk Enterprise Security software and appliance-based products across a large and diverse enterprise.
  • Architect integrations of various data sources with Splunk.
  • Partner with various internal teams to develop and tune security monitoring in the SIEM.
  • Serve as a key point of escalation for other security engineers and analysts, providing guidance and mentoring using an adaptive communication style that promotes learning.
  • Create or direct the creation of operational security metrics via the most efficient method (i.e. dashboards, reports).
  • Help drive the security-related data collection methodologies across the enterprise.
  • Be proactive in tracking information security trends, standards, and practices to identify needs for enhancing or developing security solutions.
  • Identify security considerations for design and deployment of new applications, technologies, and solutions across the enterprise.
  • Create, review, and revise use cases to support content within SIEM tools, working in partnership with the Detection team.
  • Direct and propose new network monitoring and security operations to drive a risk-based approach to threat detection.
  • Design, develop, and implement SIEM ingestion pipelines that scale to the data ingestion needs of the SIEM.
  • Experience onboarding data that meets CIM standards and integrating threat intelligence feeds.
  • Recommend various automation requirements to facilitate security event handling.
  • Review, prepare, or present executive-level key reporting around SIEM detections and alerting.
  • Promote awareness of applicable security policies and standards.
  • Work with the SOC, incident response team, and security engineering team on security tools monitoring and implementations.
  • Provide risk assessments on new IT systems and provide necessary SIEM implementation.
  • Provide technical support for security logs, feeds, and raw sources into the SIEM for data security analytics.
  • Develop integration and detection policies for the Threat Intelligence Platform, Security Orchestration Automation and Response system, and case management system.
  • Develop advanced queries in the SIEM from network, platform, database, AD, and EDR logs.

The Skills You Bring

  • 5+ years of experience deploying and operating large, enterprise-wide Splunk (both on-prem and cloud), including deep experience with Splunk Enterprise Security.
  • 5+ years of experience leading deployment and operations teams.
  • 3+ years of experience in Linux.
  • 3+ years of experience with Python, PowerShell, and other scripting languages.
  • Knowledge of and experience with log management platforms (Splunk, Elasticsearch, Logstash, Kibana – ELK / Elastic Stack).
  • Experience with extending Splunk CIM data models and developing and maintaining data model enabled content (correlation searches, dashboards, etc.).
  • Strong Security Operations background in SOC, Defense (Red Team / Blue Team), SIEM, Incident Response, Threat Intelligence, etc.
  • Knowledge of serverless pipelines in Azure and AWS to ensure scalability for log delivery to the SIEM.
  • Knowledge of automation and orchestration integration with Splunk Enterprise Security.
  • Prefer one of the following general certifications: CISSP, CISM, CISA, or equivalent.
  • Prefer an application-specific certification: Splunk Certified Admin.
  • Prefer an AWS Operations or Security certification.
  • Excellent communication skills in English.

How We'll Have Your Back

Ally's compensation program offers market-competitive base pay and pay-for-performance incentives (bonuses) based on achieving personal and company goals. But Ally’s total compensation – or total rewards – extends beyond your paycheck and is designed to support and enrich your personal and professional life, including:

  • Starting Pay: The starting pay for this role is $90,000 per year. In addition, this role is eligible for an annual bonus program with a target of 11% of annual base pay, based on individual and corporate performance. Actual offers are to be negotiated based on the applicant’s qualifications and experience.
  • Time Away: competitive holiday and flexible paid-time-off, including time off for volunteering and voting.
  • Planning for the Future: plan for the near and long term with an industry-leading 401K retirement savings plan with matching and company contributions, student loan and 529 educational assistance programs, tuition reimbursement, and other financial well-being programs.
  • Supporting your Health & Well-being: flexible health and insurance options including dental and vision, pre-tax Health Savings Account with employer contributions and a total well-being program that helps you and your family stay on track physically, socially, emotionally, and financially.
  • Building a Family: adoption, surrogacy, and fertility support as well as parental and caregiver leave, back-up child and adult/elder day care program and childcare discounts.
  • Work-Life Integration: other benefits including LifeMatters® Employee Assistance Program, subsidized and discounted Weight Watchers® program and other employee discount programs.

Who We Are:

Ally Financial is a customer-centric, leading digital financial services company with passionate customer service and innovative financial solutions. We are relentlessly focused on "Doing it Right" and being a trusted financial-services provider to our consumer, commercial, and corporate customers. For more information, visit

Ally is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity or expression, pregnancy status, marital status, military or veteran status, genetic disposition or any other reason protected by law.

Where permitted by applicable law, must have received or be willing to receive the COVID-19 vaccine by date of hire to be considered, if not currently employed by Ally.

We are committed to working with and providing reasonable accommodation to applicants with physical or mental disabilities. For accommodation requests, email us at Ally will not discriminate against any qualified individual who is capable of performing the essential functions of the job with or without reasonable accommodation.