The mission of the role

The Security Engineer’s primary role is to detect and analyze data centrally collected from various sources such as Intrusion Detection Systems, Directory Services, Proxies, Anti-Virus systems, etc. and manage security incidents that may occur. The Security Engineer also serves as the point of contact for end-users and Technology staff to report suspicious events. He/she also would be an escalation point for the SOC analysts during initial investigations of security events of interest.

As a Security Engineer you will have the following key accountabilities:

  • React to security alerts and security events of interest from Splunk, IDS, endpoint protection, and other security-related systems
  • Threat hunting in the company's environment
  • Advanced data analytics in Splunk
  • Perform event and incident analysis and management escalated by the SOC
  • Advise on mid-term countermeasures. Provide input to the IT Security prevention, detection, and reaction strategy
  • Manage security incidents – mid to major severity
  • Escalate major incidents to InfoSec management
  • Perform data analytics in Splunk, including the definition and creation of Splunk security use cases (detection rules)

What skills, qualifications, and experience do you need?

Skills and Experience:

  • Minimum of 3 years of relevant security experience, with at least one year focused on security incident response
  • Strong communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business
  • Demonstrated knowledge of industry security incident process frameworks
  • Ability to think like a hacker
  • Able to manage security incidents by understanding common attack techniques, vectors, and tools as well as defending against and/or responding to such attacks when they occur
  • Ability to detect malicious applications and network activity
  • Ability to perform hypothesis-driven threat hunts
  • Knowledge of industry security frameworks including Critical Security Controls for Effective Cyber Defense, ISO27001, NIST800-53
  • Operating, using, and writing detection use cases for SIEM (Splunk Enterprise Security preferred)
  • Advanced working knowledge of security modules in Splunk or similar SIEM systems
  • Advanced working knowledge of security technologies including AV, endpoint protection, IDS, proxies, content filtering, application security, vulnerability management
  • Advanced technical understanding and knowledge of IT Security best practices, common attack types, and detection/prevention methods, including CISecurity Benchmarks, OWASP and NIST guidelines, etc.
  • Analytical thinking & problem-solving skills