New position due to growth! This company is rapidly expanding and has created a new position on the security team. This is a highly employee-centric company that prides itself on a positive culture and work/life balance.
The Senior Security Engineer, Incident Response works in the Information Security organization as a member of the Security Operations, Incident Response (IR), and Engineering team. The IR engineer will design, develop, and test the implementation of security logging solutions. The security data platform is the repository for the collection, storage, and correlation of event data across the enterprise. The engineer must rapidly identify, prioritize, and respond to security events, compliance violations, policy breaches, cyber security attacks, and insider threats. The successful candidate will work within the Security Incident Response team, in partnership with Security Architecture, Security Operations & Engineering, and the lines of business, in a hands-on environment with numerous and varied applications. The successful candidate will have a strong combination of practical networking, firewall management, proxy solutions, information technology, and security skills.
• Responsible for initial triage of incoming support requests and issues. Will also handle the advanced issues and alerts escalated by IT and business customers and by other Security Engineers.
• Analyze and respond to security threats from various security platforms and technologies.
• Support, troubleshoot, configure, manage, and upgrade firewalls (FW), network intrusion detection and prevention systems (NIDPS), unified threat management (UTM) appliances, VPNs, web application firewalls (WAF), and a wide variety of other security products.
• Perform network troubleshooting, drawing on strong TCP/IP networking skills, to isolate and diagnose common network problems.
• Respond in a timely manner (within the documented SLA) to configuration, maintenance, incident management, and other requests.
• Respond to customers' needs and questions concerning their access to network resources through their managed devices.
• Responsible for major security platform changes, including upgrades.
• Responsible for mentoring and training Security Engineers.
• Responsible for testing and configuring new products and technologies. Provide technical input to management during proof-of-concept reviews of new security products.
• Perform all administration, management, configuration, testing, and integration tasks related to the SIEM platform, including content creation, maintenance, and administration.
• Research, analyze, and understand the log sources used for security monitoring, particularly security and networking devices (such as firewalls, routers, anti-virus products, proxies, and operating systems).
• Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, log throughput validation, and lifecycle management of the SIEM/log management platforms.
Education & Experience Required
• Minimum 3 years of experience in information security, systems administration, networking, or incident response required.
• Minimum 3 years of related experience and/or training in a technology or incident response environment required.
• Minimum 2 years of full-time experience with one or more of the following security products: AirWatch, Qualys, EnCase, Threat Grid, Cellebrite, FTK, Check Point, FireAMP, Sourcefire, ELK, TippingPoint, Palo Alto Networks, Symantec, or other key security technologies.
• Significant experience with Linux, Windows, and network operating systems.
• Strong working knowledge of access control devices (CounterACT, Carbon Black, FireAMP).
Preference could be given to candidates with a Bachelor's degree and certifications (Security+, GCED, GSEC, GCIA, GCFA, OSCP, GCTI, GNFA, CCNA, GREM).