Senior Information Security Engineer - IS Mod

About The Position

Requirements

• Master’s degree with one (1) year experience or Bachelor’s degree in Computer Science, Information Systems, Engineering or related major and a minimum two (2) years’ experience in the information security field.
• Strong data and automation skills (e.g., KQL/Splunk SPL/Yara-L plus PowerShell/Python).
• Hands-on experience with platforms such as Microsoft Sentinel and Microsoft Defender XDR or comparable SIEM/XDR tools.
• Understands the use and efficacy of information security tools, server configurations and controls with the ability to install, configure, test and operate them.
• Able to test, implement, deploy, maintain, review and administer the infrastructure hardware and software required to effectively secure the enterprise, protect data, identify and mitigate risks.
• Ability to collect, process, preserve, analyze and present computer related evidence in support of network vulnerability mitigation and/or criminal, fraud, counterintelligence or law enforcement investigations.
• Provides advanced technical opinions/conclusions re. security tools, trends, and controls which are supported by documented evidence, based on multiple perspectives and leverage of a variety of resources.
• Demonstrates a deep and broad knowledge of standard operating procedures, workflows and supporting technology across numerous critical user areas and an in-depth knowledge of multiple computing technologies either being actively used or of significant interest to Mayo; understands how systems fit into larger picture of technology at Mayo.
• Capacity to work independently and willingness to seek advice/assistance.
• Must have one of the following certifications (or equivalent) at time of hire: CISSP, GSEC, CISM, OSCP, HCISPP. In lieu of certification at time of hire, candidate must pass the exam within two years and complete the certification process once years of service requirements of the certifying body have been met.

Nice To Haves

• Experience with threat intelligence.
• Experience with purple teaming/adversary emulation.
• Experience with vulnerability management.
• Experience with incident response.
• Experience with detection engineering.

Responsibilities

• Proactively hunts for and validates adversary activity across endpoint, identity, network, cloud, and application telemetry.
• Supports high-severity incident investigations to determine scope and impact.
• Translates successful hunts and threat intelligence into scalable detections and monitoring (e.g., SIEM/XDR correlation rules, alert logic, scheduled queries, and dashboards).
• Continuously tunes detections to reduce noise while improving coverage.
• Leverages automation and Artificial Intelligence platforms to accelerate hunt development, enrich investigative context, prioritize high-value leads, and improve the efficiency and scale of threat hunting workflows.
• Applies deep knowledge of attacker tradecraft and TTPs across the cyber kill chain, including IOC management, tracking, and hypothesis-driven hunting.
• Partners closely with incident response, detection engineering, security testing (purple teaming/adversary emulation), vulnerability management, and threat intelligence to communicate clear findings, risk, confidence, and recommended next steps and drive work to closure.
• Participates in security operations on-call rotations and periodic incident-handler rotations to support active investigations and maintain response readiness.
• Assists system users relative to information systems security matters.
• Undertakes complex projects requiring additional specialized technical knowledge.
• Works with business partners within the department to achieve organizational and OIS goals.
• Develops required competencies by mastering fundamental tasks.
• Independently analyzes technology security posture and appropriate use of security defenses.
• Matches technical solutions with business requirements and then designs and implements them.
• Performs self-directed software development, testing, support/problem solving, and overall technology administration.
• Applies knowledge of organizational procedures such as the system development life-cycle.
• Uses defensive measures and information to identify, analyze and report security events.
• Researches and understands pertinent information technology laws, policies and procedures.
• Establishes timelines and delivery of requirements.
• Applies IT-related laws and policies, and provides IT-related guidance throughout the software acquisition lifecycle.
• Collects and analyzes information to identify vulnerabilities and potential for exploitation.
• Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.
• Executes duties governing hardware, software, and information system acquisition programs and other program management policies with minimal support.
• Installs, configures, tests, and operates information security tools, server configurations, and controls.
• Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software required to effectively secure the enterprise, protect data, identify and mitigate risks.
• Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability mitigation and/or criminal, fraud, counterintelligence or law enforcement investigations.
• Provides advanced technical opinions/conclusions re. security tools, trends, and controls which are supported by documented evidence, based on multiple perspectives and leverage of a variety of resources.

Benefits

• Security operations on-call rotations
• Periodic incident-handler rotations