Job Description

Security Engineer

Job Code : 12202
Experience : 3-6 Years
Location : Hyderabad

We are looking for candidates with knowledge of security tools such as endpoint protection/EDR, SIEM, IPS/IDS, HIDS/NIDS, WAFs, edge/DNS security, vulnerability scanning, malware analysis tools, networking tools for full packet analysis, data loss prevention (DLP), etc.

Responsibilities

Roles and Responsibilities
• Monitor our alert channels, SIEM/SOAR notifications and EDR/IDS/IPS solutions for detections/incidents and threat hunt for malicious activity. Investigate, contain, triage and mitigate as needed, and continuously tune rules to reduce false positives.
• Provide incident response and be a key point of contact during all incidents, which includes investigation, correlation, triage, response, mitigation, ticketing, documentation and postmortem analyses. Note – Our analysts are empowered to work an alert from start to finish, including any containment, investigation and mitigative actions needed.
• Assist in the tuning of EDR/IDS/IPS solutions to improve detection, reduce noise, add IOAs, etc.
• Work with the security engineering team to improve tool usage and workflows, as well as mature monitoring and response capabilities. Work with developers on the InfoSec team to build security automation workflows, enrichments and mitigations.
• Evaluate SOC policies and procedures and recommend updates to management where appropriate.
• Grow and mature our threat intelligence program – gather, analyze and assess threat intelligence to report on the current and future threat landscape, and provide a realistic overview of risks and threats in the enterprise environment.
• Enhance our detection capabilities with correlation, situational awareness and intel enrichment.

Requirements

About the Role

We are looking for a Security Operations Analyst to become a key member of our Security Operations Center (SOC) to monitor for malicious activity and act on alerts/detections, as well as investigate, respond (contain/triage/mitigate) and threat hunt. This analyst will collaborate with other members of the team to help simplify, streamline, automate and enhance the overall security capabilities of our Security Operations. This role is highly technical and requires skills in intrusion detection and threat hunting to identify credible risks/adversaries across all our systems. A key to success for this role will be to collaborate with security engineers, developers, and business units to constantly improve the overall security posture.

How can we apply threat modeling to daily security operations? How can we automate remediation and incorporate human judgement from users at scale? What open-source technology and OSINT can be applied as part of our toolset? If these topics excite you, then this role is for you.

Skill & Experience
• Proficient operator of security tools such as endpoint protection/EDR, SIEM, IPS/IDS, HIDS/NIDS, WAFs, edge/DNS security, vulnerability scanning, malware analysis tools, networking tools for full packet analysis, data loss prevention (DLP), etc.
• One or more of the following certifications: CEH, CISM, GIAC, GCIH, GCIA, GSLC, GICSP, GSEC, GWAP, CompTIA Net+, CompTIA A+, CompTIA Security+, CASP CE, SEC+, Splunk Core, OSCP, etc.
• Linux/Unix OS, Windows and Mac administration skills
• Intimate understanding of technology and motivation to constantly learn new technologies.
• Strong ability to learn and research new things, including tools, languages, frameworks, etc.
• Excellent verbal and written communication skills
• Collaborative mindset that thrives in a fast-paced environment
• Bonus:
  • Programming/scripting experience (bash, python, PowerShell)
  • Forensics or malware analysis experience