Lead Engineer - IT Security

• Advanced incident investigation: Conduct deep-dive investigations into complex security alerts and incidents, correlating events across multiple security tools and logs (SIEM, EDR, network logs, cloud logs).
• Incident response leadership: Lead containment, eradication, and recovery efforts for security incidents, collaborating with IT, engineering, and other teams.
• Threat hunting: Proactively search for threats within our environment using threat intelligence, hypotheses, and advanced analytical techniques.
• Root cause analysis: Perform root cause analysis for security incidents and recommend preventative measures to enhance our defenses.
• Threat Hunting: Exercises and proactive detection activities. Stay updated on emerging threats, vulnerabilities, attack techniques, and security news
• Vulnerability Management: Conduct regular vulnerability scans and assessments using industry-standard tools and ASPM. Analyze scan results to identify and classify security vulnerabilities, understanding their potential impact and exploitability.
• Develop playbooks: Contribute to the creation and refinement of incident response playbooks, runbooks, and standard operating procedures, including SOAR.
• Security tool optimization: Recommend and assist with the configuration, tuning, and optimization of SIEM rules, EDR policies, and other security controls.
• Threat intelligence integration: Integrate and operationalize threat intelligence (IOCs) and TTPs to improve detection capabilities and inform proactive defense strategies.
• Reporting: Generate comprehensive incident reports and provide actionable insights to management.

Required Qualifications: 

• Minimum of 5 years of experience in a Security Operations Center (SOC) or a similar cybersecurity role
• Strong understanding of security frameworks (MITRE ATT&CK, NIST, ISO 27001, etc.)
• Hands-on experience with SIEM tools (e.g., Splunk, QRadar, Sentinel, etc.)
• Familiarity with EDR solutions (e.g., CrowdStrike, Carbon Black, Defender ATP)
• Solid knowledge of networking concepts, log analysis, and common attack vectors
• Experience in the incident response lifecycle, malware analysis, and threat hunting
• Ability to perform effectively in high-pressure situations and manage multiple incidents simultaneously
• Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience)

Preferred Skills and Certifications: 

• Certifications such as GCIA, GCIH, CEH, CISSP, OSCP, or Security+
• Experience with scripting (Python, PowerShell, Bash) for automation and log parsing
• Knowledge of cloud security monitoring (AWS, Azure, GCP)
• Experience with SOAR platforms and the automation of incident response workflows