Sr. Information Security Engineer

Overview

The Sr. Information Security Engineer will report to the Sr. Manager of Security Operations and will be responsible for leading the detection engineering efforts for our SIEM and working with our Managed Security Service Provider (MSSP). This role will involve developing advanced detection capabilities, tuning and optimizing SIEM rules, and collaborating with the SOC team to enhance threat detection and incident response.

What You'll Do

•  Lead the design, implementation, and maintenance of advanced detection mechanisms within the SIEM.
• Develop, tune, and optimize SIEM rules and use cases to improve the accuracy and effectiveness of threat detection.
• Collaborate with the SOC team and MSSP to enhance threat detection and response capabilities.
• Integrate various log sources into the SIEM to ensure comprehensive visibility and monitoring across the environment.
• Conduct regular assessments of the SIEM configuration to identify and remediate gaps in coverage or performance.
• Analyze and interpret security logs and alerts to identify potential threats and vulnerabilities.
• Conduct attack simulations and penetration testing to validate and improve detection capabilities.
• Review and apply threat intelligence to the SIEM to stay ahead of emerging threats and vulnerabilities.
• Develop and implement automation playbooks for SOAR to streamline and enhance incident response processes.
• Provide guidance and mentorship to junior security engineers and SOC analysts on detection engineering and incident response best practices.
• Lead ticket queues, handle critical issues, and review operational metrics to ensure the effectiveness of detection and response efforts.
• Maintain good communication with partners, including senior management, to report on detection capabilities and security incidents.

What You'll Bring to the Table

• Bachelor’s degree in computer science, information security, or a related field preferred.
• 5+ years of experience in an Information Technology role 
• 5+ years of experience in information security, with a focus on detection engineering and SIEM management.
• In-depth knowledge of SIEM platforms and experience with rule development and optimization.
• Experience working with MSSPs and SOC teams to enhance detection and response capabilities.
• Solid understanding of log management, correlation, and analysis.
• Experience with integrating various log sources into SIEM platforms.
• Knowledge of security frameworks and standards, including NIST, ISO/IEC 27001, and PCI-DSS.
• Proficiency in network security tools and technologies, including intrusion detection/prevention systems, firewalls, and endpoint security solutions.
• Advanced knowledge of Windows and Linux operating systems and their security configurations.
• Strong analytical and problem-solving skills with the ability to interpret complex security data.
• Superb communication and collaboration skills, with the ability to simplify technical concepts for non-technical partners.
• Certifications such as CISSP, GIAC, or similar are preferred.