Sr. Cyber Threat Engineer

LevelBlue LLC

1d•$100,000 - $120,000•Hybrid

About The Position

LevelBlue reduces risk and builds lasting resilience so organizations can innovate and advance their mission with confidence. As the world’s most analyst-recognized and largest pure-play managed security services provider, LevelBlue elevates client outcomes that matter: stronger defense, faster response, and sustained business continuity. LevelBlue combines AI-powered security operations, advanced threat intelligence, and elite human expertise to provide the most comprehensive portfolio of strategic advisory, managed security, offensive security, and incident response services. A Sr. Cyber Threat Engineer is a member of Global Threat Operations for LevelBlue Managed Security Services (MSS). In addition to possessing technical knowledge and leading delivery of complex technical issues, a Sr. Engineer interacts extensively with Cyber Threat Analysts and Engineers, customers, partners, and other internal organizations using professional etiquette- serving as a liaison for threat management services as well as an escalation point within GTO. Reporting to the Operations Manager for Global Threat Operations, the GTO Cyber Threat Operations Lead provides leadership responsibility for a team of cyber threat analysts and engineers responsible for the following activities: The use strong operating system, TCP/IP networking, and application skills to perform analysis and understand detected threats Analyze and respond to security events from firewalls, EDR, IDS, IPS, SIEM (Qradar, Splunk, ArcSight, LogRhythm), Web Application Firewall (WAF) and other security data sources within documented SLA Monitor and respond within service level agreement (SLA) standards to customer tickets and threats requiring incident notification Tune devices for proactive blocking and detection based on customer business need Configure, manage, and upgrade protection policies for Intrusion Detection Systems (IDS), Intrusion Protection Systems (IPS), Security Information and Event Monitoring (SIEM) platforms, and Endpoint Detection & Response Platforms Tune threat detection and protection devices for unique customer environments Create, improve, and document processes for the management and monitoring of security solutions. Demonstrate leadership in all areas of the customer service engagement Manage tasks and projects to meet the goals of the MSS & GTO organizations Organize and facilitate technical meetings with customers and internal organizations Maintain knowledge of industry-wide attacks and the current threat environment Demonstrate leadership to GTO & LevelBlue staff and customers Create, improve, and document processes for the management and monitoring of security solutions Take responsibility for customer satisfaction and overall success of managed services Respond to needs and questions of customers in a polite, positive, and professional manner concerning their managed services, managed devices and detected threats Adhere to policies, procedures, and security best practices Act as a mentor and escalation point for analysts and engineers within GTO Develop training plans to elevate the performance of analysts Lead projects to develop new service offerings and integrate new technology to services portfolio Work with internal engineering teams to facilitate new features and functions Collect and report data trending across multiple products and customers Provide input and guidance on new product development Act as both team and thought leader to junior threat team members within region and interact with peer leads and management across regions Understand big picture security and threat landscape, concerns and motivations Collaborate with management on process improvement, documentation and definition for threat analysis and classification Foster a culture of growth and development within the teams Actively recognize and reward team members for actions above and beyond.

Requirements

Skills/knowledge in Project and Queue Management
Skills/knowledge in SOC Operations / Management
Skills/knowledge in Endpoint Detection & Response
Skills/knowledge in Security Information and Event Management (SIEM)
Skills/knowledge in Unix / Linux and Windows system administration
Skills/knowledge in Information security best practices & network security architecture
Skills/knowledge in Signature based security products
Skills/knowledge in Current exploit and remediation techniques
Skills/knowledge in TCP/IP networking
Skills/knowledge in Vulnerability Scanning technologies
Skills/knowledge in Log collection and analysis tools
Skills/knowledge in Threat Intelligence
Skills/knowledge in Incident Response / Forensics
Skills/knowledge in Payment Card Industry (PCI) Standards
English: Demonstrated Fluency

Nice To Haves

7 or more years of information security or networking experience
Previous operational experience as an analyst or senior engineer
Excellent customer service skills
Excellent analytical thinking and problem-solving skills
Strong oral and written communication skills
Self-managed and team oriented; a great coach and teacher
Responsive and collaborative
Deadline and detail oriented; highly motivated
Leadership & management experience
Bachelor’s/Master’s Degree in Information Technology or Similar Area Of Study
At least 7 years of experience in Information Security or Networking
Certified in Security related Industry, Vendor or Professional Certification
2nd language is also desired: Spanish, Portuguese, French, German

Responsibilities

Perform analysis and understand detected threats using strong operating system, TCP/IP networking, and application skills.
Analyze and respond to security events from various security data sources within documented SLA.
Monitor and respond within service level agreement (SLA) standards to customer tickets and threats requiring incident notification.
Tune devices for proactive blocking and detection based on customer business needs.
Configure, manage, and upgrade protection policies for IDS, IPS, SIEM platforms, and EDR platforms.
Tune threat detection and protection devices for unique customer environments.
Create, improve, and document processes for the management and monitoring of security solutions.
Demonstrate leadership in all areas of customer service engagement.
Manage tasks and projects to meet the goals of the MSS & GTO organizations.
Organize and facilitate technical meetings with customers and internal organizations.
Maintain knowledge of industry-wide attacks and the current threat environment.
Demonstrate leadership to GTO & LevelBlue staff and customers.
Take responsibility for customer satisfaction and overall success of managed services.
Respond to customer needs and questions politely, positively, and professionally regarding managed services, devices, and detected threats.
Adhere to policies, procedures, and security best practices.
Act as a mentor and escalation point for analysts and engineers within GTO.
Develop training plans to elevate the performance of analysts.
Lead projects to develop new service offerings and integrate new technology into the services portfolio.
Work with internal engineering teams to facilitate new features and functions.
Collect and report data trending across multiple products and customers.
Provide input and guidance on new product development.
Act as both team and thought leader to junior threat team members within the region and interact with peer leads and management across regions.
Understand the big picture security and threat landscape, concerns, and motivations.
Collaborate with management on process improvement, documentation, and definition for threat analysis and classification.
Foster a culture of growth and development within the teams.
Actively recognize and reward team members for actions above and beyond.