Security Operations Engineer

About Ferguson Ferguson is the largest value-added distributor serving the specialized professional in the residential and non-residential North American construction market We help make our customers complex projects simple successful and sustainable by providing expertise and a wide range of products and services from plumbing HVAC appliances and lighting solutions to pipe valves and fittings water and wastewater solutions and more Headquartered in Newport News Virginia Ferguson has sales of 29 6 billion fiscal year 24 and approximately 35 000 associates in nearly 1 800 locations ANSR is the market leader in enabling organizations to build manage and scale global teams through Global Capability Centers GCCs ANSR s full-stack GCC platform comprising end-to-end Al- enabled products and services is trusted by the world s best companies to help them set up manage and run their high-impact technology centers Since its inception ANSR has established over 125 GCCs aggregating to over 125k enterprise talent with over 2B in investment and using over 12M sq ft of workspace Visit ansr com for more information Duties and Responsibilities Conduct initial triage and review of security incidents from internal and external sources to assess root cause impact and remediation steps Handle incoming calls during evening shifts routing non-security incidents to relevant teams per defined processes Collaborate with the Cyber Threat Prevention Team to improve processes drive automation and support shift-left initiatives Elevate incidents to L2 analysts based on established runbooks and procedures Monitor and ensure service availability and reliability across all security offerings Find opportunities for security rule tuning based on detection patterns and assist in improving operations runbooks Partner with the Automation team to automate response runbooks and enhance operational efficiency Maintain strong working relationships with IT Security third-party vendors and business collaborators Ensure proper maintenance monitoring automation and response procedures to meet security and availability objectives Adhere to ITIL and other operational processes for quality execution Provide input on technology selection and participate in relevant training sessions to enhance security technology skills Follow all policies rules and regulations and perform additional duties as requested by management Availability to work holidays and weekends as per shift assignments Qualifications and Requirements 0-3 years of experience in incident response ideally within a Security Operations Center SOC with hands-on experience in monitoring security alerts performing initial triage and analyzing incidents Certifications such as Security Blue Team Level 2 BTL1 CompTIA CySA or CompTIA Security are desirable but not required Associate s degree or equivalent experience in Cybersecurity Computer Science Information Technology or a related field is preferred Experience with Azure Sentinel and KQL Kusto Query Language is a plus Basic understanding of incident response processes common attack vectors and threat types Familiarity with SIEM tools such as Splunk Azure Sentinel for monitoring security events and performing basic log analysis to identify potential threats Ability to recognize and analyze basic Indicators of Compromise IOCs in network and endpoint logs Solid attention to detail and vigilance when reviewing logs and alerts to identify security incidents Ability to quickly learn and adapt to new security tools processes and technologies Skilled in performing initial incident triage figuring out severity of incidents and advancing to Tier 2 analysts when necessary Proficient in analyzing security event data raising alerts and effectively communicating findings to senior analysts and other teams Solid understanding of the MITRE ATT CK framework and its application in identifying and categorizing threats Ability to safely contain collect and handle malware during an incident response Strong organizational skills with the ability to prioritize tasks and manage time effectively in a fast-paced environment Proficient in Microsoft Office Suite Outlook Word Excel PowerPoint for documentation and communication Effective verbal and written communication skills for incident reporting alerting senior analysts and collaborating with multi-functional teams Ability to work within multi-functional teams and support incident escalation and resolution Strong problem-solving and logical reasoning abilities to solve security incidents and determine appropriate responses