IT - Security Engineer III (B03012)
Remote Locations: Portland, OR, Seattle, WA or Salt Lake City, UT
Responsibilities & Requirements:
The Incident Response and Penetration Testing Security Engineer is a subject matter expert for advanced threat detection within the Information Security team, responsible for designing, implementing, and managing the security tools and techniques used to help protect our members. Proven experience with and knowledge of Security Information and Event Management (SIEM) technologies, threat intelligence, and enterprise defenses are essential.
General Job Functions:
- Develop SIEM / User Behavior Analytics (UEBA) use cases, rulesets, and content definitions based on numerous intelligence and detection products.
- Coordinate security response and remediation efforts based on curated cyber threat intelligence feeds.
- Perform analysis and response actions from SIEM, Endpoint Detection and Response (EDR), and other security technology alerts and logs.
- Develop advanced queries within SIEM and other scripting tools.
- Build automated responses for common alerts utilizing scripting languages, such as Python, PowerShell, or Bash.
- Follow change/release management procedures applicable for production environments.
- 3+ years of proven experience in the cyber security field, including professional experience writing SIEM content, and/or a college degree, preferably in an IT or cybersecurity field.
- Professional security certifications (GCIA, CEH, CISSP, OSCP, other)
- Prior experience working in a Security Operations Center and with Endpoint Detection & Response (EDR) products, as well as Elastic Stack, Splunk, Securonix, or equivalent.
- Demonstrated technical writing skills and the ability to explain complex problems to non-technical teams
- Deep understanding of cybersecurity threats and enterprise defenses; ideal candidate will have prior experience as a security analyst/engineer/architect, penetration tester, red/blue teamer, or related position.
- Strong interpersonal and communications skills
- Understanding of Incident Response processes and Windows/Linux incident handling.
- Ability to conduct advanced operations to validate security controls utilizing offensive techniques.
- Knowledge of Cloud technologies, such as AWS, GCP, and Azure a plus.
- Knowledge of Securonix analytics platform a plus.