Senior Cyber Security Engineer

About The Position

Requirements

• Experience working with and managing Security Information and Event Management (SIEM) tools such as Splunk, Sumo Logic, Elastic, etc.
• Threat hunting experience endpoint, network, DNS, email, EDR, and audit logs, as well as netflow and packet captures.
• Experience working with and managing utilizing Endpoint Detection and Response (EDR) tools such as Crowdstrike, Sentinel One, Microsoft Defender, etc.
• Thorough understanding of MacOS, Linux, and Windows hardening and security best practices.
• Experience creating threat and DLP signatures for network, endpoint, email, and cloud/SaaS security solutions to identify potential attacks, exploits, or data exfiltration attempts.
• Extensive experience developing and automating incident response policies.
• Experience delivering complex projects, including coordinating and driving issues to resolution utilizing excellent technical troubleshooting skills.
• A drive to learn and work with industry leading technologies.
• An understanding of network orchestration and automation with Python, Ansible, and Terraform.

Nice To Haves

• Any experience automating security operations tasks or using SOAR platforms is a plus.
• Experience with DevSecOps practices, including securing containerization technologies (Kubernetes, Docker, etc), artifact repositories (Artifactory, CodeArtifact, etc), and CI/CD or version control systems (GitHub, GitLab, etc).
• Experience working with Security Access Service Edge (SASE) solutions such as Zscaler, Prisma Access, Netskope, etc.
• Thorough understanding of email security and best practices.
• Experience working with Secure Email Gateways (SEGs), Mail Transfer Agents (MTAs), and end user training solutions like Knowbe4 is highly desirable.
• Experience with both traditional DLP and Cloud Access Security Broker (CASB) solutions, especially developing data classification policies, signature detection, and response runbooks.
• Extensive experience with network security tooling and practices such as layer 7 firewalls and Unified Threat Management (UTM) solutions, Intrusion Detection and Prevention Systems (IDS/IPS), malware sandboxing, Network Detection and Response (NDR) solutions, netflow and telemetry aggregation, systems, microsegmentation, web application firewalls (WAFs), load balancers, network taps, DNS security solutions, etc.
• Thorough knowledge of Public Key Infrastructure (PKI), certificate lifecycle management, 802.1x implementation, mTLS, etc.
• Experience with Google Workspace, especially developing Trust Rules to secure and control sensitive data and enhancing DLP capabilities.
• Experience with developing information security architectures and securing complex infrastructure environments.

Responsibilities

• Develop new cyber detections for threats and other uses cases using our SIEM and other security tooling.
• Develop automated processes for triaging security incidents and incident response in general.
• Assesses software and service requests from within the organization.
• Deploy and develop solutions to better secure Stack AV’s infrastructure, data, and people.
• Conduct and/or arrange vulnerability and other security assessments on Stack’s infrastructure.
• Respond to security incidents and drive the effort to mitigate and/or remediate findings.
• Work with Stack’s highly technical software and hardware engineering teams to understand their goals, and deploy tools and solutions to get the data accessible to them for development.

Benefits

• We are proud to be an equal opportunity workplace.
• We believe that diverse teams produce the best ideas and outcomes.
• We are committed to building a culture of inclusion, entrepreneurship, and innovation across gender, race, age, sexual orientation, religion, disability, and identity.