Operational Technology

The Security Platform Engineer is a seasoned subject matter expert, responsible for facilitating problem resolution and mentoring for the overall Global Data Centers Office of Information Security (GDC-OIS) team. This role performs important tasks specialized at threat hunting, Crowdstrike, Network Security and other operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments).

Role & responsibilities

Works as part of a 24/7 global team in IT/OT environment. ICS and SCADA

knowledge preferred.

Administers the organization's security tools to gather security logs from the

environment and performs lifecycle management, including break-fix, patching, and

live updates.

Performs security incident handling and response from various vectors, including

endpoint protection, enterprise detection and response tools, attack analysis,

malware analysis, network forensics, and computer forensics.

Conducts vulnerability assessments using automated scanning tools and manual

techniques to identify security vulnerabilities in systems, networks, applications,

and infrastructure components.

Analyzes scan results, prioritizes vulnerabilities based on severity, impact, and

exploitability, and provides detailed remediation recommendations to system

owners, administrators, and IT teams.

Monitors security alerts and maintains awareness of new threats and vulnerabilities

to identify potential risks.

Reads reports, makes risk assessments, works to detect the source of attacks, and

tests current defenses against threats.

Collaborates to develop practical mitigation strategies, configuration changes, and

patch management processes to address identified vulnerabilities. Identifies opportunities to make automations that will help the incident response

team.

Ensures usage of knowledge articles in incident diagnosis and resolution and

assists with updating as required.

Investigates causes of incidents, seeks resolution, and escalates unresolved

incidents, following up until resolved.

Provides service recovery following the resolution of incidents and documents and

closes resolved incidents according to agreed procedures.

Maintains knowledge of specific , provides detailed advice regarding their

application, and ensures efficient and comprehensive resolution of incidents.

Logs all incidents in a timely manner with the required level of detail and cooperates

with all stakeholders, including client IT environments, vendors, and carriers, to

expedite diagnosis of errors and problems and identify a resolution.

Analyzes data from various sources, including network traffic, email logs, malware

files, web server logs, and DNS records, to identify potential risks and improve

security measures

Leads projects, self-starter, and performs any other related task as required.

Required Attributes:

• Seasoned working knowledge on implementation and monitoring of any SIEM or

security tools/technologies. ICS and SCADA knowledge preferred

• Seasoned knowledge on security architecture, worked across different security

technologies.

• Customer service orientated and pro-active thinking.
• Problem solver who is highly driven and self-organized.
• Great attention to detail.
• Good analytical and logical thinking.
• Excellent spoken and written communication skills.
• Team leader with the ability to work well with others and in group with colleagues

and stakeholders.

Preferred candidate profile

Seasoned experience in Security technologies like (SIEM, PAM, IAM, PenTest, Threat

Hunting, Firewall, Proxy etc.) preferably within a global IT services organization.

Prior experience of working into Security Operation centers of a Data Center will be

an added advantage.

ICS and SCADA knowledge preferred.

Seasoned experience in technical support to clients.

Seasoned experience in diagnosis and troubleshooting.

Seasoned experience providing remote support in Security Technologies.

Seasoned experience in SOC/CSIRT Operations.

Seasoned experience in handling security incidents end to end.

Seasoned experience in Security Engineering.

Knowledge on networking, Windows, Linux and security concepts.

Seasoned experience in configuring/managing security controls such as RBAC, IAM,

Zero Trust, UTM, Proxy, SOAR, etc..

Knowledge on log collection mechanism such as Syslog, Log file, DB API.

Knowledge in security architecture.

Prior experience of working on platforms like Crowd strike, Qualys, Palo Alto,

Splunk, QRADAR, Cisco, VMWare and Ubuntu