Security Engineer 4

Security Engineer 4-2200060J

**Applicants are required to read, write, and speak the following languages**: English

**Preferred Qualifications**
**Principle SOC Response Engineer**

**Responsibilities**:
**General Response Engineer**
- Respond to potential security incidents, draft comprehensive incident reports, document and execute lessons learned
- Use tool sets to perform analysis of cyber security events
- Cross train and learn within and across focus groups
- Participate in and lead threat hunts
- Mentor and coach junior team members and peers

**Incident Response and Request Coordination**:

- Security event response coordination planning
- Daily monitoring of security requests
- Coordinate event response
- Lead post security event response reviews
- Create, submit, and present security event response metrics to leadership
- Review final reports for completeness, accuracy, and readability prior to submission

**Threat Intelligence, Orchestration and Event Response**
- Perform threat research proactively and in response to security events
- Enrich current and future detections to improve confidence and priority
- Automate response processes via SOAR platform

**Skills**

**Required Skills**:

- Self-motivated, excellent analytical and problem solving and critical thinking skills
- Ability to communicate with other technical and non-technical teams proactively and clearly during investigations, lessons learned, and to learn about the environment
- Writing detailed incident reports and updates on a regular basis
- Effective time management skills by completing assignments or delivering updates within required deadlines
- Understanding security event monitoring and triage, incident response, and auditing
- Strong understanding of system and network security threats and vulnerabilities
- Exercise sound judgement calls for investigative purposes, including making the determination to close a case
- Knowledge of compliance program security controls, such as ISO 27001, SOC 1 & 2, and FedRAMP, as applied to cloud SaaS, PaaS and IaaS operations.
- Familiarity with SDLC principles and scripting & programming languages (such as Terraform, Python, Bash, etc.).
- Scripting, programming knowledge and experience

**Preferred Skills**
- Expert level understanding of secure networking principles, routers, switches, and load balancers
- Knowledge of encryption technologies and architectures
- Strong knowledge of web technologies, middleware, database, OS, firewalls, network communication protocols and methods
- Knowledge of database security principles
- Strong knowledge of cloud architecture and security principles, risk management frameworks and Unix, Linux, and Windows system administration

**Desired Skills**
- Familiarity with industry recognized frameworks including but not limited to MITRE ATT&CK, ADS, NIST 800, and CIS
- Recognized industry certification and continuing education programs are a major plus including GCIH, GCIA, CISSP, GCFA, GMON, GREM, GNFA
- Working knowledge of forensics, incident response and threat hunting methodologies for a cloud service provider

**Experience**:
**Required Experience**
- Minimum of 8 years related experience in an information security role, supporting security programs and security engineering/architecture in complex enterprise environments.
Hands on experience with enterprise security architecture, engineering and implementation required.
**Desired Experience**
- Bachelor-level university degree in a relevant field from an accredited university, or equivalent.
- Hands-on experience with TCP/IP and data packet capture analysis, networking fundamentals, common network services, network vulnerabilities and network attack patterns
- Hands-on experience using SIEM for data analysis and EDR tools for response purposes
- Experience in developing secure, scalable cloud architectures and distributed systems
- Experience with logging and log analysis
- Experience with identity management principles and technology
- Experience with high-level software design and development and the design, use, and deployment of automation and orchestration frameworks
- Experience with Linux system administration, scripting, log parsing, vulnerability assessments, penetration testing, and vulnerability management

Expert level experience in evaluating and assessing security threats across a variety of environments and industries

**Detailed Description and Job Requirements**

Responsible for the planning, design and build of security architectures; oversees the implementation of network and computer security and ensures compliance with corporate security policies and procedures.
Minimum of 8 years related experience in an information security role supporting security programs and security engineering/architecture in complex enterprise environments.
Hands on experience with enterprise security architecture, engineering and implementation required.
Knowledge of compliance program security controls