Senior Security Engineer -SOAR & SEIM

POSITION SUMMARY STATEMENT:

The Senior Security Engineer position will be responsible for the implementation of the SOAR platform and other automation technologies, with a strong emphasis on custom automation development using python (preferred) or powershell. The Sr. Security Engineer will be working as the Subject Matter Expert for onboarding SIEM components and integration of the various security tools into SIEM. This position will also be responsible for the ongoing implementation, and co-management of cloud-based SIEM along with MSSP services, including development and review of detection logic.

DETAILED RESPONSIBILITIES/DUTIES:

• Author, test, and maintain automation scripts/workflows within SOAR platform
• Integrate SOAR platform with other security tools and APIs to execute automated workflows Automate Security Incident Response processes by providing the ability to analyze and resolve alerts from security tools
• Maintain knowledge and understanding of current and emerging SIEM practices and standards
• Build analysis and correlation logic to enable security threat hunting and investigation practices
• Effectively interact with colleagues across the Cybersecurity team, as well as the broader Technology and Application teams
• Support SIEM operations by writing/testing complex correlation rules and handling log source integration with SIEM
• Clearly identify, capture, articulate, design, implement, and maintain security operations use cases
• Work on complex technical problems and provide innovative solutions
• Assist with process development and process improvement/automation for Security Operations

REQUIRED QUALIFICATIONS:

Skills:

• Excellent communication skills
• Experience with architecture and implementation of SOAR solutions
• Strong scripting skills in either python (strongly preferred) or powershell for automation in Windows and Linux environments
• Experience with Linux shell scripting
• Good understanding of the offensive and defensive sides of security
• Expert level experience in deployment and managing SIEM platforms
• Strong team player - collaborates well with others to solve problems and actively incorporates input from various sources
• In-depth knowledge of architecture, engineering, and operations of any enterprise SIEM platform
• Deep understanding of logging mechanisms of:
• Windows
• Linux
• Mac OS
• Networking technologies
• Azure cloud technologies

Security Operations Center (SOC) work experience desired

Experience:

• More than 6-8 years of experience in Enterprise Cybersecurity or with a reputable Services / consulting firm offering Security Consulting, Implementation and Managed Security services
• 2+ years of relevant experience in Security Operations Center environment (SOC) desired
• Experience investigating security events, threats and/or vulnerabilities
• Scripting or programming experience (Shell scripting, PowerShell, Python, etc.,)
• Experience working on an agile development team or agile engineering team
• Experience in SOAR (Security Orchestration Automation Response) platform is preferred
• Experience maintaining and securing container technologies (Azure Kubernetes) strongly desired
• Experience with Cribl LogStream preferred

Education:

• Bachelors degree in Computer Science, Information Technology, Business, or Discipline involving Data Analytics OR Equivalent professional experience
• Professional Certifications like GSEC, GCIA, CISSP, OSCP, etc., will be plus

Location:

Experience:

Work Mode:

Work Timing: