Location: Lone Tree, CO
Description: Our client is currently seeking a Security Operations Engineer to work in its Englewood office.
Position is remote to start, will require on-site work upon return to normal, but with continued remote flexibility.
Day to day:
• 24/7 monitoring of email, SIEM and the ticketing platform for incidents; respond based on the agreed severity level.
• Develop and maintain runbooks and Job Aids for all activities under scope.
• Work in unison with teams outside the Cyber Security Operations Center, such as Vulnerability Mgmt, Network teams, OS teams and Pen testing.
• Analyze logs from SIEM, and other sources and be able to identify unauthorized activity
• Initiate and run conference bridges during a security incident and be visible on the bridge during the span of the call
• Handle and respond to all cloud security incidents reported via the ticketing platform (AWS, Azure, Google, Comcast Cloud)
• Develop playbooks using the XSOAR tool for tasks that could be automated to improve the efficiency of the team
• Escalate critical incidents to higher tiers immediately without causing delays
• Assist vertical engineers in investigations by performing scans and searches with the tools at our disposal (SIEM, Stealthwatch, DLP, NMAP, scanners)
• Must possess a solid understanding of, and at least three years of hands-on experience in, Security Incident Handling / Security System Administration in a large-scale network environment or large enterprise, or equivalent work experience in a Managed Security Service Provider organization.
• Good knowledge of UNIX or Linux based applications, or at least one year of experience administering UNIX or Linux systems in secure environments.
• Good understanding of cloud security (AWS, Azure, Google)
• Good understanding of and experience with security tools: IDS, IPS, firewalls, proxies, web application firewalls, etc.
• Minimum 3 years in security incident response and technical forensics investigation.