Senior Security Engineer

Security Operations - Senior Security Engineer

Reporting to the Team Lead, Security Operations Engineering, the Security Operations – Senior Security Engineer will be part of a team of highly specialized engineers dedicated to solving complex, security specific challenges in support of 24x7 Managed Security Services. Working in a rapid startup environment, the Senior Security Engineer builds and supports methods, integrations, automations, and drives efficiency to further our depth of detection and response capabilities. The Senior Security Engineer works closely and collaboratively with the different levels of the Security Services organization to deliver consistent and timely services to customers.

Key Responsibilities:

• Work with the Security Operations Team to proactively identify, contain, and mitigate threats and vulnerabilities and provide metrics for reporting.
• Develop processes and procedures for incident response, threat modeling, threat intelligence, and threat hunting.
• Develop, implement, and enhance customer detection rules, integrations, parsing logic, dashboards, and automations within a UncommonX platform.
• Build processes and playbooks which lead to the automation of remediation and response actions and feed the Machine Learning pipeline.
• Lead the deployment and configuration of UncommonX security tools.
• Provide mentoring to Security Engineers and Security Analysts.
• Identify technology and/or configuration gaps in customer environments to aid in improving their security posture.
• Provide tactical guidance during active customer security incidents.
• Provide support to the Security Advisory Services team in the delivery of consulting services as it relates to security operations, threat management, vulnerability management, and incident response.
• Work independently as well as with a team to rapidly solve complex problems presented by the managed security services team.

Minimum Qualifications:

• 5+ years of demonstrated experience with a focus in areas such as systems, network, and/or application security.
• 3+ years of experience working in security response, security automation tooling, or threat intelligence.
• 3+ years of experience supporting Security Operations teams and incident response.
• 2+ years of experience supporting help desk operations.
• 2+ years of experience in content development (rules, reports, dashboards, integration, normalization, etc.) within SIEM platforms.
• Strong knowledge of technology and security controls related to the detection, analysis, containment, eradication, and recovery from cyber security incidents.
• In-depth understanding and hands-on experience with the configuration of security tools, including Firewall, IDS/IPS, EDR, CASB, Cloud Security, and Vulnerability Scanners.
• Deep understanding of Elastic, ElastAlert, and ClickHouse.
• Ability to quickly and effectively learn new technologies and keep up to date with the latest industry trends.
• Ability to communicate effectively with all levels of staff, management, and clients both verbally and in writing.

Educational/Certification Requirements/Assets:

• Undergraduate Degree in Business, Engineering, or Computer Science, or equivalent experience.
• Familiarity with malware analysis, forensics, SOAR, SIEM platforms, and a variety of Operating Systems (MS Windows, Linux, MacOS).
• Advanced expertise in the deployment and configuration of Cisco and Microsoft security solutions.
• Expertise in Elastic and ClickHouse environments with a focus on content development.
• Professional Certifications an advantage but not essential if have requisite role knowledge. GIAC, CISSP certifications a plus.
• Familiarity with industry/regulatory frameworks such as NIST CSF, ISO27001, SOC2, PCI/DSS a plus.