Senior Cybersecurity Engineer
Sinclair Talent Solutions, Fort Lauderdale, FL, United States
The Senior Cybersecurity Engineer is responsible for configuring the SOC/SIEM/Orchestration tools to maximize the impact of the SOC Analysts. In this role, the Detection Engineer brings their technical expertise to improve security tooling to reduce the noise of false positives, automate response for low-level alerts, and develop workflows for the SOC Analysts to review, respond to, and communicate security events. Using cutting-edge technologies, the Detection Engineer will investigate security incidents, respond to incidents in real time, and provide recommendations for mitigation and remediation, including for more complex threats. This role is expected to participate in customers’ monthly review calls, mentor junior analysts, and collaborate broadly with other stakeholders to improve monitoring and incident response processes.
What you’ll be doing:
- Analyzing security events and incidents to identify threats and vulnerabilities.
- Responding to security incidents, including containment, eradication, and recovery.
- Operating in a rotating 24x7 shift environment to include daytime, mid-shift, and weekends if required.
- Developing and utilizing Security Orchestration, Automation, and Response (SOAR) tools to streamline incident response processes.
- Working with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) tools to detect and respond to threats.
- Mentoring junior analysts, providing guidance and training on cybersecurity best practices.
- Assisting in the development and tuning of SIEM and analytics rules.
- Participating in monthly review calls with customers, providing updates on security incidents and overall security posture.
What does it take to succeed in this role?
- Bachelor’s degree in Computer Science, Information Security, or a related field is preferred.
- Minimum of 5 years of experience in cybersecurity, with a focus on incident response and analysis.
- Deep understanding & familiarity with networking concepts & protocols (TCP/IP, UDP, DNS, DHCP, HTTP, etc.).
- Significant understanding of & familiarity with operating system fundamentals (Windows/Linux).
- Previous experience working in a SOC, with a preference for a service provider environment rather than an enterprise SOC.
- Strong understanding of cybersecurity principles and best practices.
- Deep understanding of & experience with fundamental cybersecurity concepts, such as types of cyber-attacks.
- Experience working with SOAR, EDR, and XDR tools.
- Experience working on SIEMs.
- Ability to work independently and as part of a team.
- Excellent written and oral communication skills.
- Relevant certifications such as CISSP, CISA, or GIAC are a plus.