About The Position

The Information Security Senior Operations Engineer designs, implements and provides the highest tier of support for various endpoint and cloud technologies in the Wawa enterprise. This role will be well versed in the areas of threat detection/prevention, endpoint detection and response (EDR), host intrusion prevention, data loss prevention, application allowlisting, sandboxing, Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), Secure Email Gateway (SEG), and cloud services.

Requirements

  • Excellent written and verbal communication skills, interpersonal and collaborative skills.
  • Up-to-date knowledge of methodologies and trends in both information security and IT.
  • Must be a critical thinker, with strong problem-solving skills.
  • Ability to lead moderate internal Endpoint Protection related tools and technology projects with dependencies on external IT teams.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
  • Ability to design and implement security solutions based on provided requirements.
  • Maintain a working environment conducive to positive morale and teamwork.
  • Ability to be on a 24x7x365 on-call rotation for information security incidents.
  • Ability to mentor and influence others.
  • Minimum of 5 years' experience in a combination of incident response, information security and IT.
  • Minimum 2 years' development experience with scripting languages such as Python, JavaScript and/or PowerShell preferred.
  • Degree in technology-related field preferred, or equivalent work- or education-related experience.
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Splunk Cloud Certified admin, GIAC Cloud Security Essentials (GCLD), GIAC Certified Incident Handler (GCIH), GIAC Certified Detection Analyst (GCDA), AWS Cloud Practitioner or other similar credentials.
  • Advanced knowledge of incident response standards such as NIST 800-61 Rev 3, Computer Security Incident Handling Guide, ISO/IEC 27035:2023, and information security incident management.
  • Advanced knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
  • Expertise in writing playbooks, procedures, processes and policies.
  • Significant technical experience with the full stack of security controls and tools including SIEM, SOAR, SEG, EDR, network monitoring, HIPS, cloud security tools and DLP.

Responsibilities

  • Perform deployment of cybersecurity monitoring, alerting and response content in SIEM, SOAR, SEG, cloud and/or endpoint security tools.
  • Recommend, design, build and deploy new tools and platforms that help automate, streamline and scale security operations on-premises and within AWS/M365 cloud environments.
  • Provide continuous monitoring, maintenance and support of new and existing security toolsets and systems to ensure resilience, reliability and scalability.
  • Work with the Risk and Compliance team to review whether security toolset policies are effective at mitigating current industry threats.
  • Lead the tuning of alerts in SIEM, SOAR and Endpoint tools.
  • Lead the validation of alerting use cases in SIEM.
  • Work with Threat Intel team to ensure alerting for external threats.
  • Test and pilot endpoint products for production readiness.
  • Monitor security tool infrastructure for vulnerabilities and bug fixes and develop a plan to remediate.
  • Lead development of metrics to provide to IT and IS leadership.
  • Assist IT Operations in support of log collection, agent installation and effectiveness.
  • Provide up-to-date diagrams and support procedures for tiers 1 and 2.
  • Act as the lead tier escalation point for security requests and operational incidents.
  • Assist in security incidents from identification through containment, eradication, recovery, and reporting.
  • Create the necessary interpersonal networks among information security and IT to perform job function.
  • Maintain external networks consisting of industry peers, vendors and other relevant parties to address common trends, findings, threats, and cybersecurity risks.
  • Maintain foundational knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting annual PCI audit.
  • Support audit and assessment process for IT including annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.

Benefits

  • Employee Stock Ownership Plan (ESOP)
  • Tuition Reimbursement
  • 401(k) Plan
  • Medical/Dental/Prescription Coverage
  • Flexible Spending Accounts (Health Care & Dependent Care)
  • Employee Assistance & Wellness Programs
  • Employee Credit Union
  • Paid Time Off
  • Employee Resource Groups