Information Security Operations Engineer SIEM

Wawa, Inc. · Campus, IL
Onsite

About The Position

The Information Security Operations Engineer assists in the design, implementation and highest-tier support of various endpoint and cloud technologies in the Wawa enterprise. This role will have functional knowledge in the areas of threat detection/prevention, endpoint detection and response (EDR), host intrusion prevention, data loss prevention, application allowlisting, sandboxing, Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), Secure Email Gateway (SEG), and cloud services.

Requirements

  • Minimum of 3 years' experience in a combination of incident response, information security and IT.
  • Development experience with scripting languages such as Python, JavaScript and/or PowerShell preferred.
  • Degree in technology-related field preferred, or equivalent work- or education-related experience.
  • Professional security or information technology certification is desirable, such as CISSP, Splunk Core Certified User, Network+ and Security+.
  • Foundational knowledge of incident response standards such as NIST 800-61 Rev 3, Computer Security Incident Handling Guide, ISO/IEC 27035:2023, and information security incident management.
  • Foundational knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
  • Technical experience with multiple security controls and tools including SIEM, SOAR, EDR, SEG, network monitoring, HIPS, cloud security tools and DLP.

Nice To Haves

  • Development experience with scripting languages such as Python, JavaScript and/or PowerShell preferred.
  • Degree in technology-related field preferred, or equivalent work- or education-related experience.
  • Professional security or information technology certification is desirable, such as CISSP, Splunk Core Certified User, Network+ and Security+.

Responsibilities

  • Assist in building and deploying new tools and platforms that help automate, streamline and scale security operations on-premises and within AWS/M365 cloud environments.
  • Provide continuous monitoring, maintenance and support of new and existing security toolsets and systems to ensure resilience, reliability and scalability.
  • Consult with the Risk and Compliance team to review whether security toolset policies are effective at mitigating current industry threats.
  • Assist with tuning alerts in SIEM, SOAR and Endpoint tools.
  • Assist with validating alerting use cases in SIEM.
  • Assist with use case creation including reporting and automation.
  • Work with the Threat Intel team to ensure alerting for external threats.
  • Test and pilot endpoint products for production readiness.
  • Monitor security tool infrastructure for vulnerabilities and bug fixes and develop a plan to remediate.
  • Assist in development of metrics to provide to IT and IS leadership.
  • Provide up-to-date diagrams and support procedures for tier 1 and 2.
  • Act as highest tier escalation point for security requests and operational incidents.
  • Assist in security incidents from identification through containment, eradication, recovery, and reporting.
  • Maintain the necessary interpersonal networks among information security and IT to perform the job function.
  • Maintain external networks consisting of industry peers, vendors and other relevant parties to address common trends, findings, threats, and cybersecurity risks.
  • Maintain foundational knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting the annual PCI audit.
  • Support the audit and assessment process for IT, including the annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.

Benefits

  • Employee Stock Ownership Plan (ESOP)
  • Tuition Reimbursement
  • 401(k) Plan
  • Medical/Dental/Prescription Coverage
  • Flexible Spending Accounts (Health Care & Dependent Care)
  • Employee Assistance & Wellness Programs
  • Employee Credit Union
  • Paid Time Off
  • Employee Resource Groups

Eligibility requirements may apply.