Senior Security Engineer - SIEM (4-8 yrs)

Primary Responsibilities :

Security Operations Duties :

- Provide Level 2 support to a managed SOC and support monitoring security alerts and events from various sources, including corporate tools, WAF, security information and event management (SIEM) systems, and AWS to identify potential security incidents, intrusions and vulnerabilities.

- Conduct threat hunting and perform forensic investigations to identify indicators of compromise (IOCs) and patterns of malicious activity.

- Coordinate and manage incident resolution with cross-functional teams, including acting as Incident Commander during incidents to help provide 24/7 coverage with other team members.

- Support Cloud Detection & Response platforms to enable various automated notification and containment workflows.

Detection Engineering :

- Fine-tune and develop detection rules, configurations, and automations based on new threats, lessons learned, or environmental changes.

- Work with the managed SOC to develop custom playbooks.

- Where possible, write scripts and develop custom tools to automate the detection and response processes.

- Adhere to SSDLC best practices when writing scripts or developing tools.

- Identify any gaps in logging coverage to ensure we maintain the highest visibility into any threats to our environment.

- Manage Cloudflare security products for web application security, including WAF rules and DDoS protection.

- Collaborate with cross-functional teams to proactively detect and respond to potential security threats and ensure the overall security of our organization's digital assets.

Vulnerability Management :

- Monitor security advisories, threat intelligence feeds, and vendor updates for critical threats to drive action back into the enterprise/product organization.