Senior Security Engineer, SOC

4 weeks ago


Thiruvananthapuram, India Poshmark Full time

Responsibilities

  • Monitor and analyze security event logs and alerts to detect potential incidents, and lead investigations for containment, eradication, and recovery.
  • Lead security incident investigation, containment, eradication, and recovery activities.
  • Use AWS security tools, including GuardDuty, CloudTrail, IAM, AWS WAF, Shield, and VPC Flow Logs, to monitor and secure cloud workloads.
  • Perform in-depth analysis of sophisticated security incidents and targeted attacks across systems, networks, and code to identify root causes and prevent recurrence.
  • Enhance detection and response capabilities through automation, including fine-tuning alerts to reduce false positives and automating responses to repetitive incidents.
  • Develop and maintain incident response playbooks for distinct types of security incidents, ensuring they align with current threats.
  • Leverage IOCs, threat intelligence, and other data sources to enrich security events, improving detection accuracy and reducing incident response time.
  • Work with security stakeholders and cross-functional teams to coordinate incident response efforts and improve overall security initiatives.
  • Conduct proactive threat hunting to identify potential malicious activities and mitigate emerging risks before they escalate.
  • Collaborate with the product security and infrastructure security teams to conduct vulnerability scans, penetration tests, and risk assessments to uncover weaknesses in the security posture.
  • Collaborate with IT, development, and other relevant stakeholders to identify and contain incidents and to ensure timely patching and remediation of vulnerabilities.


Required Experience:

  • A minimum of 5 years of experience in a Security Operations Center (SOC) environment.
  • Relevant certifications such as GCIA, GCIH, AWS Security Specialist, or any other certification in the field of Security Operations or Incident Response.
  • Hands-on experience with security tools and technologies such as SIEMs, Endpoint Detection and Response (EDR), Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), and vulnerability scanners.
  • Proficient in the incident response process, including identification, containment, remediation, and recovery.
  • Skilled in defense-in-depth and layered security architecture design and implementation.
  • Experience with cloud security services, preferably in AWS environments.
  • Strong analytical and problem-solving skills with a detail-oriented approach to security challenges.
  • Excellent verbal and written communication skills, capable of conveying complex security concepts to non-technical stakeholders.


6-Month Accomplishments:

  • Continuously perform security incident investigation, containment, eradication, and recovery. This includes identifying and responding to security incidents, containing the spread of the incident, eradicating the malware or other malicious code, and recovering the affected systems.
  • Stay up-to-date on the current IT threat landscape and upcoming trends in security. This involves reading security blogs and articles, attending security conferences, and subscribing to security mailing lists. You should also use security tools and services that provide threat intelligence.
  • Write new high-fidelity detections and incident response playbooks. This includes writing new rules and playbooks for your organization's security tools to help detect and respond to security incidents. You should have a deep understanding of your organization's security infrastructure and be familiar with the latest security threats and attack vectors.


12+ Month Accomplishments:

  • Reduce Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) through automation.
  • Improve the security operations posture by continuously improving detections, writing high-fidelity detections, and maintaining up-to-date incident response playbooks.
  • Partner with cross-functional teams to identify business-critical operations and recommend strategies to enhance business continuity and resilience.
  • Work on projects that will help shore up the security operations posture.


Good to have:

Coding Skills: Proficient in coding languages like Python or Go


  • SOC Engineer

    6 days ago


    Pattom, Thiruvananthapuram, Kerala, India Albetech Software Solutions LLP Full time ₹ 2,40,000 - ₹ 3,00,000 per year

    We are seeking a skilled and motivated SOC Engineer with 2 years of hands-on experience in cybersecurity operations. The ideal candidate will be responsible for monitoring, detecting, analyzing, and responding to security incidents within our environment. You will work closely with other security and IT teams to ensure the confidentiality, integrity, and...

  • L2 SOC Analyst

    1 week ago


    Thiruvananthapuram, Kerala, India UST Full time ₹ 9,00,000 - ₹ 12,00,000 per year

    5 - 7 Years. 1 Opening. Trivandrum. Role description: Job Title: L2 SOC Analyst. Experience: 5 to 7 years. Location: Trivandrum, Kochi, Chennai, Bangalore, Hyderabad. Company: CyberProof, A UST Company. Key Roles & Responsibilities: Resolve, escalate, report, and raise recommendations for resolving and remediating security incidents. Handle the advanced monitoring of system...

  • L1 SOC Analyst

    14 hours ago


    Thiruvananthapuram, Kerala, India UST Full time ₹ 5,00,000 - ₹ 15,00,000 per year

    2 - 4 Years. 1 Opening. Trivandrum. Role description: Experience: 2 to 4 years. Location: Bangalore/Hyderabad/Chennai/Kochi/Trivandrum. The primary role of a SOC Level 1 Analyst is to serve as the frontline defense, managing first triage and ranking of security cases, and initiating the threat detection and response processes for client-related security events. The...

  • Security Analyst

    2 weeks ago


    Thiruvananthapuram, India CONNECTING 2 WORK Full time

    Job Description. Requirements: 5+ years experience in the Security Operations domain; experience in an L2 role in the SOC domain; experienced in leading investigations of security incidents; experienced in developing new use cases for Security Operations; experienced in Threat Intelligence Operations; experienced in leading a team.


  • Thiruvananthapuram, India HireIT Consultants Full time

    Job Description: SOC Administrator. Position: SOC Administrator. Education: BE/B.Tech in Computer Science, Information Technology, or related field. Certifications (Preferred): CEH / CISA / CISSP / CISM. Experience: Minimum 5 years of relevant experience. Role Overview: We are seeking a highly skilled SOC Administrator to manage and oversee the day-to-day...

  • L3 Soc Analyst

    2 weeks ago


    Thiruvananthapuram, Kerala, India UST Full time

    L3 SOC Analyst. Experience: 7 plus years. Location: Hyderabad, Trivandrum, Kochi, Bangalore, Chennai. Company: CyberProof, A UST Company. CyberProof is seeking a SOC L3 Engineer who will be part of our growing Global Operations Delivery team, which monitors, investigates, and resolves security incidents, violations, and suspicious activities. Our global Operations group takes...


  • Thiruvananthapuram, Kerala, India Quantiphi Analytics Solution Pvt Ltd Full time ₹ 20,00,000 - ₹ 25,00,000 per year

    Senior Cyber Security Engineer. While technology is the heart of our business, a global and diverse culture is the heart of our success. We love our people and we take pride in catering them to a culture built on transparency, diversity, integrity, learning and growth. If working in an environment that encourages you to innovate and excel, not just in...

  • DevSecOps Engineer

    4 days ago


    Thiruvananthapuram, Kerala, India GreenBay IT Solutions Private Limited Full time ₹ 15,00,000 - ₹ 25,00,000 per year

    DevSecOps Engineer. Experience: 5–7 years. Location: Trivandrum. Job Type: Full Time, Permanent. Mandatory Skills: Cloud Security (AWS, GCP, Azure), IAM, Compliance, Infrastructure Hardening. Automation: Ansible, Azure DevOps, CI/CD. Security: Threat Detection & Incident Response (IDS/IPS, SIEM, Vulnerability Scanners). Compliance: ISO 27001, NIST, CIS Linux...