Senior Security Operations Engineer

Company: Crusoe
Location: San Francisco, CA, USA
Salary: $200,000 – $230,000
Type: Full-Time
Experience Level: Senior

Requirements

  • Minimum of 6 years in cybersecurity, with a focus on detection and response.
  • Technical proficiency with protection of on-premise computing environments and proficiency with one or more major cloud computing environments.
  • Strong expertise in incident handling and forensic investigation.
  • Strong knowledge of the cyber threat landscape and ability to articulate and incorporate understanding of major threat categories, motivations, and intent of adversaries.
  • Automation-first mindset and demonstrated expertise in mentoring and training peers in security engineering skill sets.
  • Experience in at least one programming language (Python, Go, C, C++) or deep expertise using low-code automation tools or SOAR platforms.
  • Exceptional collaboration and communication skills, with the ability to engage with partners and stakeholders from various perspectives and technical understanding.
  • Familiarity with modern infrastructure tools, such as Docker, Kubernetes, Ansible, CloudFormation, and Terraform.
  • Experience building and scaling open source security observability solutions.
  • Experience with Unix/Linux environments.
  • Self-motivated, with good communication and writing skills.
  • Must be able to pass a background check.

Responsibilities

  • Develop and execute a comprehensive security operations strategy that aligns with organizational goals, ensuring robust protection against current and future cyber threats.
  • Evaluate and implement emerging security technologies and methodologies to continuously enhance our security posture and operational efficiency.
  • Partner with stakeholders and cross-functional teams (Engineering, Product, SRE, IT, Legal) to adapt in a dynamic security landscape.
  • Design, implement, and fine-tune advanced detection mechanisms to proactively identify potential security threats and vulnerabilities.
  • Continuously tune alerting rules to reduce false positives and enhance our signal-to-noise ratio.
  • Perform forensics and lead response efforts during security incidents, including triaging security alerts, taking relevant mitigation steps, and engaging with internal stakeholders to ensure swift resolution.
  • Drive the advancement and growth of detection and automation initiatives.
  • Manage security event monitoring, management, response workflows, and tasks.
  • Improve security operations by developing measurement capabilities and metrics to track and communicate performance, coverage, and risk.
  • Author comprehensive runbooks, write automation scripts, and build SOAR (Security Orchestration, Automation, and Response) capabilities to reduce manual intervention and improve response times.
  • Create, maintain, and manage a library of automated playbooks to address new threats and tactics employed by attackers.
  • Develop standard operating procedures and other appropriate documentation to enforce quality and consistency of services being delivered.
  • Support ongoing security compliance, audit, and certification programs (e.g., HIPAA, SOC 2).

Preferred Qualifications

No preferred qualifications provided.