Job Description

This is an exciting opportunity to join a new team and help build a comprehensive security program from the ground up. The Senior Engineer of Security Operations and Infrastructure will support the implementation of the forward-looking security architecture (heavily driven by Microsoft) for our systems and networks (Zero Trust). The ideal candidate will be responsible for implementing, operating (administering, maintaining, and optimizing) the security technology infrastructure that protects, detects, and responds to threats against our business and customer data. In this role, you will have duties in the security operations of red teams (vulnerability management) and blue teams (monitor, detect, respond). You will interact and engage with third-party providers that are part of the team. You will also collaborate with internal stakeholders and customers in Human Resources, Sales, Marketing, Product Management, Engineering, etc Responsibilities: Independently handle global team work: Work independently or asynchronously on a globally distributed team. Expertise in Zero Trust architectures: Demonstrate knowledge of Zero Trust architectures and the associated tooling and technology. Participate in security operations: Participate in the general operations of a security operations center, incident response team, threat intelligence unit, and/or security engineering or tools teams (integrate, automate, optimize). Hands-on experience with security technologies: Have hands-on experience with core security operations infrastructure technologies such as EDR, SASE, WAF, IAM, PAM, Vulnerability Management, Threat Intelligence, SIEM, etc., and services like MDR, MSSP, Forensics and Incident Response, Attack Surface Management, etc. Implement cloud security controls: Understand cloud security controls and how to implement them for Azure and AWS. Utilize Microsoft Defender Stack: Utilize hands-on experience with the Microsoft Defender Stack, including Defender for Cloud, Defender for Endpoint, Defender for M365, Defender for CSPM etc. Respond to real-world incidents: Respond to real-world incidents, including ransomware and other threats, threat modeling, and the development of architectures and designs. Hands-on software development or scripting experience is a plus. Familiarity with Scripting Languages: Familiarity with PowerShell scripting and KQL is an asset. Maintain threat knowledge: Maintain knowledge of attacks, attackers, their tools and techniques, vulnerabilities, and how to model those threats against our business. Develop detection rules and algorithms: Build detection rules and algorithms. Implement compliance requirements: Implement governance, risk, compliance, and audit requirements in security operations, especially for a technology company. Exhibit strong communication skills: Exhibit excellent written and oral communication skills. About you: Experience in security and cross-functional areas: 4+ years of combined experience in security and other cross-functional areas. Educational background: Bachelors or Master s Degree is preferred but optional. Preferred certifications: Industry certifications (SANS, etc.) are preferred but optional. Strong analytical skills: Strong analytical and problem-solving skills. Adaptability: Ability to work in a dynamic and fast-paced environment. Team collaboration: Strong team player with the ability to collaborate effectively with colleagues and stakeholders. Proficiency in security tools: Proficiency in security tools and technologies relevant to the role. Critical thinking skills: Ability to think critically, adapt to changing priorities, and effectively solve problems with a resourceful approach. Additional Skills: Conduct risk assessments : Proficiency in conducting security risk assessments and vulnerability assessments. Experience in incident response : Experience in incident response planning and execution. Develop security policies: Ability to develop and maintain security policies, standards, and procedures. Familiarity with compliance requirements : Familiarity with regulatory compliance requirements and frameworks (e.g., GDPR, ISO 27001, NIST). Project management skills: Strong project management skills with the ability to manage multiple projects simultaneously