Information Security Engineer

Safe-Guard Products International LLC, Atlanta, GA
Hybrid

About The Position

Security Operations is the team responsible for incident detection and response (IR), vulnerability management (VM), data protection (DP) and security engineering. The Security Operations Engineer handles IR alerts and escalations from multiple sources and is responsible for implementing, maintaining, monitoring and managing the security technologies that support SIEM, endpoint detection and response (EDR), vulnerability management, data protection and related functions. The engineer delivers these solutions and services in accordance with the organization's architectural designs, best practices, and regulatory or compliance requirements. As risks change, the engineer recommends modifications and enhancements so that the organization keeps pace with the threat landscape. The engineer reports on findings and recommends corrective action, performs vulnerability assessments as assigned using IT security tools and methodologies, assesses the security and risk posture of IT software and applications, and provides weekly project status reports covering accomplishments and outstanding issues.

Requirements

  • Highly technical and analytical expertise, with a proven background in technology design, implementation and delivery.
  • Experience in cloud computing technologies, including software-, infrastructure- and platform-as-a-service, as well as public, private and hybrid environments.
  • Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), antivirus and firewalls, endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, data protection and application controls.
  • Skilled in meeting vulnerability and penetration testing requirements.
  • Excellence in communicating business risk from cybersecurity issues.
  • Experience managing SIEM systems, vulnerability management, threat intelligence platforms, security automation and orchestration solutions, data loss prevention (DLP) and other network and system monitoring tools.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
  • Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent.
  • 5-7+ years of related experience required.

Nice To Haves

  • CISSP (preferred); CISM and/or SANS certification or other related certifications a plus.

Responsibilities

  • Assist with incident response and system stability issues as they occur. This may include involvement outside of regular work hours, and responsiveness is expected.
  • Leverage approved AI technologies to optimize results in Security Operations.
  • Implement, manage and maintain event and log collection, reporting and compliance requirements.
  • Design and build SIEM dashboards and reporting tools required by technical teams. Help correlate events to support SOC response requirements.
  • Maintain up-to-date level of knowledge related to security threats, vulnerabilities and mitigations set forth to reduce attack surface.
  • Tune the SIEM with threat intelligence sources (e.g., premium, industry-shared, open-source and dark web), and correlate event indicators and threats.
  • Support SOC automation initiatives leveraging playbooks, while also using human analysis as needed.
  • Actively participate in threat hunting tabletop exercises to hone and strengthen skills across the team.
  • Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.
  • Monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services.
  • Collaborate with IT operations to manage internal- and external-facing systems to identify, track and remediate system and application vulnerabilities.
  • Support IT operations’ responsibility to remediate system and application vulnerabilities.
  • Conduct continuous discovery, vulnerability assessment and remediation status of enterprise-wide assets.
  • Prioritize vulnerability remediation based on criticality, exploit probability, rating and business risk exposure.
  • Document, prioritize, recommend, validate and report on the state of vulnerabilities.
  • Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
  • Remain current with emerging threats and share knowledge with colleagues to improve security posture.
  • Implement and manage data discovery and classification to understand where sensitive data resides and how it is used.
  • Design, tune and operate DLP and CASB controls to prevent unauthorized data exposure and data exfiltration.
  • Drive DSPM initiatives to identify overexposed, redundant or high-risk data and support data minimization efforts.
  • Monitor and analyze access to sensitive data to reduce excessive or inappropriate access and mitigate insider risk.
  • Support the data governance program, including policy enforcement, standards, exception handling and documentation.
  • Produce clear metrics and insights on data protection posture, risk trends and control effectiveness.
  • Continuously improve data protection controls in alignment with evolving business needs and regulatory requirements.
  • Generate weekly, monthly and/or ad-hoc reports for managers as requested.
  • Perform other duties as assigned.
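The vulnerability management responsibilities above call for prioritizing remediation by criticality, exploit probability, severity rating and business risk exposure rather than by CVSS score alone. The following is an added illustration of that kind of scoring, not code from Safe-Guard or from any product named in the posting; the weights, the 1-5 asset criticality and 0-3 data sensitivity scales, the SLA buckets and the sample findings are all assumptions constructed for the example.

```python
"""Risk-based vulnerability prioritization (added example, not employer code).

Combines technical severity (CVSS), exploit probability (an EPSS-style
0-1 score plus a known-exploited flag) and business exposure (asset
criticality, data sensitivity, internet exposure) into one score, then
maps the score to a remediation SLA bucket. All weights and scales are
assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str             # placeholder identifier, not a real CVE
    cvss: float              # CVSS base score, 0-10
    epss: float              # exploit probability, 0-1
    known_exploited: bool    # listed in a known-exploited catalog (assumed flag)
    asset_criticality: int   # assumed scale: 1 (low) .. 5 (crown jewel)
    data_sensitivity: int    # assumed scale: 0 (none) .. 3 (regulated data)
    internet_facing: bool


# Assumed remediation SLAs per bucket, in days.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def business_exposure(f: Finding) -> float:
    """0-1 exposure from asset criticality, data sensitivity and reachability."""
    return (0.5 * (f.asset_criticality / 5.0)
            + 0.3 * (f.data_sensitivity / 3.0)
            + 0.2 * (1.0 if f.internet_facing else 0.0))


def risk_score(f: Finding) -> float:
    """0-100 score: 40% severity, 35% exploitability, 25% business exposure."""
    severity = f.cvss / 10.0
    # A known-exploited vulnerability is treated as certain to be exploited.
    exploitability = 1.0 if f.known_exploited else f.epss
    raw = 0.4 * severity + 0.35 * exploitability + 0.25 * business_exposure(f)
    return round(100.0 * raw, 1)


def sla_bucket(f: Finding) -> str:
    """Map a finding to an SLA bucket, with a hard override for the worst case."""
    # Known-exploited and reachable from the internet is always critical,
    # whatever the arithmetic says.
    if f.known_exploited and f.internet_facing:
        return "critical"
    score = risk_score(f)
    if score >= 75:
        return "critical"
    if score >= 50:
        return "high"
    if score >= 25:
        return "medium"
    return "low"


def prioritize(findings):
    """Return (vuln_id, asset, score, bucket, sla_days) ordered by score, highest first."""
    rows = [(f.vuln_id, f.asset, risk_score(f), sla_bucket(f), SLA_DAYS[sla_bucket(f)])
            for f in findings]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample findings; asset names and identifiers are placeholders.
SAMPLE_FINDINGS = [
    Finding("web-gateway", "VULN-1", 9.8, 0.94, True, 5, 2, True),
    Finding("hr-database", "VULN-2", 9.1, 0.02, False, 4, 3, False),
    Finding("dev-laptop", "VULN-3", 7.5, 0.88, False, 2, 0, False),
    Finding("intranet-wiki", "VULN-4", 5.3, 0.02, False, 1, 0, False),
]


if __name__ == "__main__":
    for vuln_id, asset, score, bucket, days in prioritize(SAMPLE_FINDINGS):
        print(f"{vuln_id:8} {asset:14} score={score:5.1f} {bucket:8} fix within {days}d")
```

Note that the ranking differs from a pure CVSS ordering: the 7.5-rated finding with a high exploit probability outranks the 9.1-rated finding on an internal database that is unlikely to be exploited, which is the kind of adjustment the "exploit probability" and "business risk exposure" criteria are meant to produce.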
© 2024 Teal Labs, Inc