Exelixis
Exelixis is hiring: Senior Staff Engineer - Cybersecurity Operations in Alameda
Exelixis, Alameda, CA, United States, 94501
Senior Staff Engineer - Cybersecurity Operations Exelixis is an oncology-focused biotech company innovating cancer treatments for life. Find out how we're dedicated to giving more patients hope for the future.
Join our highly skilled and rapidly growing cybersecurity team as a Senior Staff Engineer. In this role, you will be at the forefront of our cybersecurity operations, focusing on threat detection, incident response, and continuous monitoring to protect our organization's critical assets. This highly skilled individual will also work closely with product owners and business units outside Information Security to ensure that all applications, systems, and processes are secured and hardened.
The Sr. Staff Engineer - Cybersecurity implements, manages, and improves secure technology solutions for the organization's information systems. The role will develop and implement advanced threat detection and response strategies, conduct proactive threat hunting, and continuously evolve cybersecurity tools to mitigate, prevent, or detect new attacks. Collaborating with cross-functional teams, you'll enhance the organization's cybersecurity posture and ensure compliance with industry standards. Additionally, you'll maintain and improve SOC tools and processes, mentor junior analysts, and prepare detailed incident reports and recommendations for senior management.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Oversee the end-to-end threat management process, from initial detection and analysis to containment, eradication, and recovery. Ensure that all incidents are thoroughly investigated and documented, and that lessons learned are incorporated into future threat management strategies.
Lead and coordinate incident response efforts with different groups, ensuring timely and effective resolution of cybersecurity incidents.
Develop and maintain incident response plans and playbooks to guide the team during cybersecurity events.
Regularly assess the effectiveness of detection mechanisms and make necessary adjustments to improve accuracy and coverage. This includes conducting regular threat hunting exercises to identify gaps and areas for improvement.
Create and refine correlation rules within the SIEM to identify complex attack patterns and reduce false positives. This involves analyzing cybersecurity events and developing rules that accurately detect malicious activities.
Incorporate threat intelligence feeds into the team’s detection capabilities to stay updated on the latest threats and attack techniques. Use this intelligence to enhance detection rules and response strategies.
Utilize machine learning and behavioral analytics to identify anomalies and potential threats that traditional signature-based tools might miss. This includes analyzing user behaviors and network traffic to detect suspicious activities.
Regularly review and fine-tune the configurations of current cybersecurity tools such as SIEM, EDR, and IDS/IPS to ensure they are effectively detecting and alerting on potential threats.
Conduct and analyze phishing simulations to assess and improve the organization's resilience against phishing attacks. Develop training and awareness programs based on the results to educate employees on recognizing and responding to phishing attempts.
Work with various log sources and data feeds to enhance the visibility and detection capabilities of the team. This includes integrating logs from network devices, servers, applications, and cloud environments.
Create and maintain playbooks to standardize and automate threat response procedures. This includes developing automated workflows to streamline incident response, reduce response times, and improve the overall efficiency and effectiveness of the cybersecurity operations team.
Stay current with the latest threat landscape and emerging trends in cybersecurity to proactively identify and mitigate potential cybersecurity risks.
Contribute to the overall information cybersecurity strategy.
SUPERVISORY RESPONSIBILITIES:
No supervisory responsibility
EDUCATION/EXPERIENCE/KNOWLEDGE & SKILLS:
Education:
Bachelor’s degree in related discipline and 9+ years of related experience; or
Equivalent combination of education and experience
CISSP, CISM, CEH, OSCP, GIAC or similar cybersecurity certification required.
Experience:
Extensive experience in a SOC environment, with a strong background in threat detection, incident response, and threat hunting.
Proven experience in implementing and managing a SOAR (Security Orchestration, Automation, and Response) platform.
Experience with threat intelligence platforms and integrating threat intelligence feeds to cybersecurity tools to enrich threat detection.
Experience in proactive threat hunting to identify and neutralize emerging threats.
Experience with conducting and analyzing phishing simulations to enhance organizational cybersecurity awareness and resilience.
Demonstrated experience and success in designing and implementing a comprehensive cybersecurity architecture that protects an organization's information assets and enables it to achieve its business objectives.
Experience and successfully executing programs that meet the objectives of excellence in a dynamic business environment.
Experience in leading, planning, executing, and managing projects.
Experience or working knowledge of cloud, network, and application security.
Experience in Biotech/Pharma is a plus.
Knowledge/Skills/Abilities:
Proficiency with SOC tools and technologies such as SIEM (e.g., Splunk, QRadar), EDR (e.g., CrowdStrike, Cortex), and IDS/IPS (e.g., Snort, Suricata).
Strong scripting skills (e.g., Python, PowerShell) to automate tasks, enhance detection capabilities, and develop automation through a SOAR platform.
Ability to configure and fine-tune cybersecurity tools to maximize their effectiveness by integrating various log sources and data feeds to enhance visibility and detection.
Ability to work with various data sources to create high-fidelity alerts.
Knowledge of machine learning and behavioral analytics to identify anomalies and potential threats.
Ability to develop and refine correlation rules within SIEM to detect complex attack patterns, leveraging the MITRE ATT&CK framework.
Strong analytical skills to correlate events and make informed decisions based on data.
Ability to analyze user behaviors and network traffic to detect suspicious activities.
Ability to establish and maintain strong relationships with cybersecurity vendors.
Good understanding of cybersecurity frameworks and standards such as, but not limited to, NIST, ISO 27001, and PCI-DSS. Ability to interpret these standards and apply them to an organization's specific cybersecurity needs.
Extensive knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting, and endpoint protection.
Excellent communication skills to effectively collaborate with cross-functional teams and present findings to senior management. Skilled in translating data-driven insights into clear narratives of risk and impact.
Resourceful and proactive to find innovative solutions to challenges.
A mindset focused on continuous learning and improvement.
Ability to lead by example and mentor other cybersecurity team members.
Ability to foster collaborative working relationships with technology groups and other stakeholders, including vendor relationships.
Thorough planning and tracking skills, well-organized, focused on results, capable of managing multiple projects, excellent time management with respect to priorities and self-management.
Outstanding judgment and problem-solving skills, including negotiation and conflict resolution.
Ability to work in a team environment, create timelines, and continually make necessary adjustments.
WORKING CONDITIONS:
Environment: primarily working indoors in an office environment
#J-18808-Ljbffr