This Senior Engineer - IT Security role involves leading advanced incident investigations, threat hunting, and incident response efforts. Key responsibilities include conducting deep-dive analyses of security alerts, performing root cause analysis, and developing incident response playbooks. The role also focuses on vulnerability management, security tool optimization, and integrating threat intelligence to enhance detection capabilities. Candidates should have a minimum of 5 years of experience in a SOC or similar cybersecurity role, with strong understanding of security frameworks and hands-on experience with SIEM and EDR tools.
Description
Key Responsibilities:
Advanced incident investigation: Conduct deep-dive investigations into complex security alerts and incidents, correlating events across multiple security tools and logs (SIEM, EDR, network logs, cloud logs).
Incident response leadership: Lead containment, eradication, and recovery efforts for security incidents, collaborating with IT, engineering, and other teams.
Threat hunting: Proactively search for threats within our environment using threat intelligence, hypotheses, and advanced analytical techniques.
Root cause analysis: Perform root cause analysis for security incidents and recommend preventative measures to enhance our defenses.
Threat hunting exercises: Run proactive detection exercises and stay current on emerging threats, vulnerabilities, attack techniques, and security news.
Vulnerability Management: Conduct regular vulnerability scans and assessments using industry-standard tools and ASPM. Analyze scan results to identify and classify security vulnerabilities, understanding their potential impact and exploitability.
Develop playbooks: Contribute to the creation and refinement of incident response playbooks, runbooks, and standard operating procedures, including SOAR.
Security tool optimization: Recommend and assist with the configuration, tuning, and optimization of SIEM rules, EDR policies, and other security controls.
Threat intelligence integration: Integrate and operationalize threat intelligence (IOCs) and TTPs to improve detection capabilities and inform proactive defense strategies.
Reporting: Generate comprehensive incident reports and provide actionable insights to management.
Required Qualifications:
Minimum of 5 years of experience in a Security Operations Center (SOC) or a similar cybersecurity role
Strong understanding of security frameworks (MITRE ATT&CK, NIST, ISO 27001, etc.)
Hands-on experience with SIEM tools (e.g., Splunk, QRadar, Sentinel, etc.)
Familiarity with EDR solutions (e.g., CrowdStrike, Carbon Black, Defender ATP)
Solid knowledge of networking concepts, log analysis, and common attack vectors
Experience in the incident response lifecycle, malware analysis, and threat hunting
Ability to perform effectively in high-pressure situations and manage multiple incidents simultaneously
Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience)
Preferred Skills and Certifications:
Certifications such as GCIA, GCIH, CEH, CISSP, OSCP, or Security+
Experience with scripting (Python, PowerShell, Bash) for automation and log parsing
Knowledge of cloud security monitoring (AWS, Azure, GCP)
Experience with SOAR platforms and the automation of incident response workflows