Information Security Operations Engineer | Vulnerability Management |Threat hunting
What Youll Do
As a senior incident response engineer, you will combine deep technical ability with strong collaboration and leadership skills to provide technical thought leadership across the various security operations disciplines including incidence response, threat detection and vulnerability management.
Core Responsibilities:
Incident Detection and Triage
:
Monitor SIEM for alerts and anomalies. Identify and triage potential security incidents (e.g., malware infections, phishing, data exfiltration).
Incident Response and Mitigation
:
Lead investigations into confirmed incidents. Contain, eradicate, and recover from security events. Coordinate with internal stakeholders to implement remediation. Collect and preserve evidence for internal investigations or potential legal action. Contribute to incident response teams, maintaining relevant communication in emails, ticket summaries, analysis and reporting. Work with Incident handlers to provide recommendations for remediation of compromised systems and any relevant countermeasures.
Threat Analysis and Hunting
:
Perform threat hunting to proactively identify risks. Analyze indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
Playbook and Automation Development
:
Develop and enhance incident response playbooks. Identify opportunities for automation to streamline incident handling.
Post-Incident Activities
:
Lead post-incident reviews (PIRs), documenting lessons learned. Recommend and track corrective actions to prevent recurrence. Be able to translate incident response outcomes into documentation and reports to satisfy audit and compliance reviews.
Other Responsibilities
o Monitor various security blogs, alerts and notifications, RSS feeds and forums to keep abreast of the latest security news, attacks, threats, vulnerabilities and exploits.
o Applying the output of threat hunts into new detections and gap assessment
o Monitor various security blogs, alerts and notifications, RSS feeds and forums to keep abreast of the latest security news, attacks, threats, vulnerabilities and exploits.
o Build automated log correlations in Splunk or a similar tool to identify anomalous and potentially malicious behavior.
o Review, create or document standard operating procedures, recommendations, projects specific documents and resource guides as needed.
o Supervise vulnerabilities and work with engineering teams to drive proper mitigations.
o Supervise security operations queues to ensure timely triage of operations events and requests
o Supervise global vulnerability feeds, assess impact to the business and respond promptly
o Participate in security incident investigations and retrospect on security events
o Ensure all required logging is enabled and collected in SIEM tool
o Participate in on-call rotations as needed to support continuous monitoring needs that may lay outside of business hours
Who You Are
You have broad and deep knowledge and experience in providing security operations services including Incident Response, Vulnerability mgmt., and Threat Hunting, in various cloud native environments. You are motivated to work with multi-functional teams and drive things together to accomplish role objectives. You thrive in a fast-paced environment and seek ownership of large, critical projects. We're looking for people who enjoy crafting solutions to tackle problems rather than focusing on completing tasks as fast as possible.
Required Qualifications
o Bachelors or Masters degree in information security or equivalent with minimum 10 years of Security Operations experience
o Demonstrated ability administering and operating security tooling such as Nessus, OSQuery, Splunk, Burpsuite, Nmap, Wireshark, Falco, Tenable, Wiz.io, etc.
o Thorough technical expertise in administrating/operating and supporting various public cloud technologies including AWS, Azure and GCP
o Ability to create custom correlation rules to detect known or suspected malware traffic patterns within security tools
o Packet-level knowledge of TCP/IP protocols and network applications and an understanding of TCP/IP routing behaviors
o Certifications such as CEH, Splunk, CISSP, Cloud Certs AWS/GCP/Azure
o Understanding of regular expression and expertise in various query languages including for Splunk and Jira
o Demonstrated experience operating in regulated environments and ensuring incident response activities are aligned with compliance requirements.
o Familiarity with and ability to support incident response practices aligned with SOC 2, IRAP, ISO/IEC 27001, NIST 800-53, HIPAA, and other relevant regulatory standards.
o Experience analyzing events or incidents to triage the issue, find the root cause through log and forensic analysis, and determine security vulnerabilities, attacker exploit techniques and methods to construct the appropriate
remediation.
Experience developing playbooks, run books, solve technical issues, and recognize and identify patterns to reduce ticket volume
Ability to write scripts (e.g., Python, PowerShell, Bash) to automate tasks.
o Strong knowledge of security standard methodologies, principles, and common security frameworks. Such as MITRE ATT&CK, NIST, ISO 27001, OWASP-Top 10, CIS benchmarks.
o Knowledge of TCP/IP, AI tools, CVSS, Linux, Virtualization, Containers
o Strong communication, organizational, and problem-solving skills in a dynamic environment
o Effective documentation skills, to include technical diagrams and written descriptions
o Ability to work independently and as part of a team with professional demeanor.
