Job Summary:
We are seeking a skilled Sr. Security Engineer to monitor, detect, analyze, and respond to security incidents affecting our SPC environment. The ideal candidate will leverage their automation skills, especially in Python, to streamline SOC operations and enhance incident response capabilities. This role requires strong communication skills, analytical problem-solving abilities, sound judgment, and a solid foundation in IT security.
Key Responsibilities:
- Security Monitoring: Use security information and event management (SIEM) systems and other tools to detect security incidents and anomalies.
- Incident Analysis: Investigate and analyze security incidents, determine root causes, assist in vulnerability assessments, and manage remediation efforts.
- Automation Development: Develop and implement automation scripts and workflows to improve SOC efficiency, focusing on incident response automation and playbook creation.
- Log Analysis: Conduct in-depth analysis of logs to identify indicators of compromise (IOCs) and potential security breaches.
- Response Planning: Create and maintain incident response plans and procedures to ensure optimal handling of security incidents.
- Collaboration: Coordinate with analysts and other stakeholders to escalate and respond to security incidents promptly.
- Mentorship: Provide guidance to analysts on incident detection, analysis, and response techniques.
- Exercises and Simulations: Participate in security incident tabletop exercises and simulations to refine incident response capabilities.
- Continuous Learning: Stay up-to-date with cybersecurity threats, vulnerabilities, and mitigation techniques.
- Process Improvement: Contribute to process refinement and tool enhancement within the SOC. Generate service-level indicator and objective (SLI/SLO) metrics to demonstrate improvements.
- Subject Matter Expertise: Serve as an information security expert for the Incident Response team and assist in escalations.
- Travel Requirements: Travel of 1–2 weeks per year may be required, subject to business needs.
Qualifications:
- IT and Security Knowledge: Solid understanding of information technology and security best practices.
- Cloud Experience: Hands-on experience with AWS, Azure, or GCP is desired but not required.
- Team Collaboration: Strong ability to collaborate across teams.
- Network Knowledge: Basic understanding of network routers, switches, and firewalls.
- Automation Skills: Strong automation mindset, particularly in finding creative solutions using Python.
- Linux Proficiency: Proficient in Linux, including security hardening for Linux, web applications, and databases such as PostgreSQL and MariaDB.
- Kubernetes Experience: Experience with Kubernetes is a plus.
- Security Tools: Familiarity with open-source security tools and applications.
- Attention to Detail: Strong organizational skills with exceptional attention to detail.
- Availability: Willing to work in a 24/7 environment, including weekends and holidays, with on-call duties.
- Experience: 5+ years of relevant experience.