SOC Engineer (Onsite)

Family Health Centers of San Diego, Inc.•San Diego, CA

47d•Onsite

About The Position

The Security Operations Center (SOC) Engineer designs and administers cybersecurity information technology systems, and partners with other IT departments to review and implement cybersecurity best practices to applications, hardware, networking equipment, integrations and other infrastructure for the organization. This infrastructure is comprised of Windows and Linux servers, MS SQL, IIS, Apache, Azure SaaS/PaaS, Microsoft 365, Exchange Online, VMware virtualization, EntraID, Active Directory, layer-2 and layer-3 networking equipment, wireless access points, and IoT medical devices. This position will plan, design, install, monitor, and administer all cybersecurity tools and systems, lead in-depth troubleshooting and root cause analysis of incidents involving these systems, investigate cybersecurity incidents, and conduct threat hunting activities. The SOC Engineer performs tasks related to our IT Security policies and Incident Response Plan's processes to maintain a strict security posture and comply with HIPAA, PCI-DSS, and CCPA regulations. The SOC Engineer plans, develops and executes cybersecurity configuration changes on systems (network, hardware, software); assures security, reliability, and availability of the infrastructure to support the continued growth of the organization; performs capacity planning and analysis; participates in 24/7 on-call rotations; provides guidance and mentorship to SOC Analysts, NOC Technicians and all IT Technical Support staff; works in a highly collaborative and fast paced work environment with other SOC and Network Operations Center (NOC), Technical Support, Telecom, Project Management and Product Development staff.

Requirements

At least 5 years of experience in Cybersecurity with an emphasis on data and security event correlation, incident response, and the installation, configuration, administration, and management of cybersecurity tools such as SIEM, SOAR, firewalls, DAST/SAST scanners, and hardening of IT infrastructure in compliance with cybersecurity frameworks.
Or equivalent combination of education and experience that provides the skills, knowledge and ability to perform the essential job duties, and which meets any required state or federal certification requirements.
Expert level knowledge and training in cybersecurity event correlation, incident response, threat hunting.
Must be detail-oriented and committed to providing work of consistently high quality.
Must be self-sufficient, innovative, and able to work under minimal direct supervision.
Advanced level knowledge in cybersecurity systems implementation and integration.
Advanced level knowledge in IT infrastructure hardening.
Expert level troubleshooting and diagnostic skills.
Advanced level knowledge of and demonstrated competency in applying current concepts of network, system, application, and cloud security.
Advanced level knowledge of and demonstrated competency in applying current concepts of vulnerability and risk management; CIS hardening, patch management, GPO.
Advanced knowledge of and demonstrated competency in applying current concepts of identity and access management; Just in Time Access, Just Enough Access, identity Provider/SSO, conditional access, MFA.
Bachelor's degree in Cybersecurity, or equivalent experience.
Ability and means to travel as needed in a timely manner within San Diego County, to locations that may have limited access to public transportation; proof of liability and property damage insurance on vehicle used is required. DRIVER REQUIREMENTS: Licensed for a minimum of 3 years; No more than 2 violations and/or accidents within 3 years.

Nice To Haves

CISSP, CEH, CompTIA CySA+, CCNA, and Microsoft Certified: Azure Security Engineer Associate preferred.

Responsibilities

Triage, investigate, and remediate cybersecurity incidents.
Conduct proactive threat hunting using a SIEM, EDR and other relevant tools.
Assist in networking and infrastructure hardening activities.
Oversee and coordinate vulnerability management and patching remediation activities.
Assist in asset discovery and validation of asset visibility for vulnerability scanning processes.
Analyze and coordinate the remediation of infrastructure and penetration testing scan results to enhance security posture.
Utilize OSINT methodologies and additional resources to identify and mitigate potential security threats.
Design, install, monitor, integrate, and fine-tune cybersecurity tools and systems, including but not limited to, SIEM, SOAR, EDR, email security gateways, network and DAST/SAST scanning tools.
Conduct cybersecurity hardening for enterprise applications, network appliances, and systems by developing and implementing policies, rules, and configurations.
Recommend, develop, and implement data governance best practices with data sensitivity label policies.
Plans, designs, and coordinates legacy service deprecation such as LDAP binds and NTLM.
Act as an escalation point for SOC Analysts, NOC, and IT Technical Support staff for any cybersecurity related issues.
Perform other duties as assigned.