2018-05-22

The Senior Security Engineer **Incident Response** works in the Information Security organization as a member of the Security Operations, Incident Response (IR), and Engineering team. The **IR engineer** will design, develop, and test the implementation of security logging solutions. The Security data platform is the repository for the collection, storage, and correlation of event data across the enterprise. They must rapidly identify, prioritize, and respond to various security events, compliance violations, policy breaches, cyber security attacks, and insider threats. The successful candidate will work within the Security Incident Response team, in partnership with Security Architecture, Security Operations & Engineering, and the lines of business, in a hands-on environment, working with numerous and varied applications. The successful candidate will have a strong combination of practical networking, firewall management, proxy solutions, information technology, and security skills.

Essential Functions

Responsible for initial triage of incoming support requests and issues. Will also handle the advanced issues and alerts escalated to them by IT and business customers and other Security Engineers.

Analyze and respond to security threats from various security platforms and technologies.

Support, troubleshoot, configure, manage, and upgrade FW, NIDPS, UTM, VPN, WAF and a wide variety of other security products.

Perform network troubleshooting to isolate and diagnose common network problems, using strong TCP/IP networking skills.

Respond to inbound requests via phone and other electronic means for technical assistance with managed devices.

Respond in a timely manner (within documented SLA) to configuration, maintenance, incident management, and other requests.

Document actions in ticketing system to effectively communicate information internally and to customers.

Respond to needs and questions of customers concerning their access to network resources through their managed device.

Adhere to established Security policies, procedures, and practices.

Research and resolve problems independently and understand escalation procedures.

Responsible for major Security platform changes including upgrades.

Create custom documentation for internal and external needs.

Responsible for mentoring and training of Security Engineers.

Attend vendor-specific meetings and conferences for business and professional development.

Responsible for testing and configuring new products and technologies. Provide technical inputs to management during proof-of-concept reviews for new security products.

Assist with designing and documenting work processes within Information Security.

Perform other duties as assigned.

Performs all administration, management, configuration, testing, and integration tasks related to the SIEM platform, including content creation, maintenance, and administration.

Research, analyze, and understand log sources utilized for the purpose of security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems).

Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, log throughput validation and lifecycle management of the SIEM/Log Management platforms.

Provide technical guidance to the Security Operations Center and/or the lines of businesses during investigations or incident response.

Performs security reconnaissance on assets, gathering intelligence to identify and respond to potential security threats or vulnerabilities of moderate organizational risk and complexity, ensuring appropriate leader notification and threat mitigation.

Reviews threat management systems, appropriately classifying and responding to threats of moderate risk.

Coordinates with security monitoring function to ensure they are provided with appropriate intelligence on any significant threats.

Conducts highly confidential, moderately complex cyber forensic investigations, acquiring, collecting, documenting, and preserving evidence from various forms of electronic media and equipment, alerting leadership as appropriate based on policies, standards, and procedures.

Works directly with the business to follow up on issues resulting from forensic investigations and ensure resolution.

Education & Experience Required

Associate's Degree or equivalent from a two-year college or technical school in Information Technology, Information Security/Assurance, Engineering, or a related field of study; at least two years of related experience and/or training (in addition to the experience requirements below); or an equivalent combination of education and experience required.

• Minimum 3 years of experience in Information Security, Systems administration, Networking, or Incident response required.

• Minimum 3 years of related experience and/or training in a technology or incident response environment required.

• Minimum 2 years of full-time experience with one or more of the following security products: AirWatch, Qualys, EnCase, Threat Grid, Cellebrite, FTK, Check Point, FireAMP, Sourcefire, ELK, TippingPoint, Palo Alto Networks, Symantec, or other key security technologies.

• Significant experience with Linux, Windows and Network Operating Systems.

• Strong working knowledge of access control devices (CounterACT, Carbon Black, FireAMP).

• Requires taking responsibility for IT and business customer satisfaction and overall success of Information Security.

• Requires interfacing with a variety of IT and business customers in a polite, positive, and professional manner.

• Technical knowledge on a number of security technologies.

• Solid understanding of information security and networking.

• Will be required to be on-call after hours and weekends on a rotating basis.

• May be required to work occasional off-shift hours to cover customer maintenance and on-site activities.

• Practical expertise with TCP/IP networking.

Preferred Skills & Experience

Bachelor's Degree in Information Technology, Information Security/Assurance, Engineering, or a related field of study preferred; at least four years of related experience and/or training (in addition to the experience requirements below); or an equivalent combination of education and experience.

• Security+, GCED, GSEC, GCIA, GCFA, OSCP, GCTI, GNFA, CCNA, GREM.

• Training in Advanced Digital Forensics, Incident Response, and Threat Hunting.

Key Attributes

- Ability to effectively communicate, both verbally and in writing, at all levels of the organization.

- Excellent active listening skills.

- Ability to manage cross-departmental projects and make quick decisions based on the information provided, ensuring Change Management protocols are being followed.

- A passion for information security and data security required.

- Detail oriented with strong organizational skills required.

- Customer service focus required, with strong interpersonal skills including excellent written/verbal communication skills.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
