Cybersecurity SIEM Engineer
15231 Avenue of Science, San Diego, CA 92128, USA
Full Time | Mid-level / Intermediate | Clearance required | Up to USD 126K
We are seeking a skilled Cybersecurity SIEM Engineer to join the County of San Diego Cybersecurity Threat & Vulnerability team. This role is critical to protecting and securing network environments through proactive monitoring, incident response, and advanced analysis.
WORK SCHEDULE: Pacific Time business hours
WORK LOCATION: Remote
-No security clearance is required.
-Must be a US Citizen or Green Card holder.
WHAT YOU'LL DO:
-Provide continuous monitoring support in a 24x7x365 environment.
-Share insights and intelligence derived from cybersecurity events with relevant stakeholders.
-Prevent and mitigate potential cybersecurity threats and vulnerabilities.
-Analyze network traffic and SIEM alerts to identify and remediate security issues.
-Investigate and respond to significant cybersecurity incidents and provide expert operational assistance.
-Contribute to the development and maintenance of security policies, procedures, and documentation.
-Conduct detailed threat analysis and recommend remediation strategies.
-Assess network events to determine potential impact and coordinate responses during incidents.
-Analyze malicious activities, exploitation methods, and related cybersecurity tactics.
-Work with stakeholders to address computer security incidents and ensure vulnerability compliance.
-Collaborate with cross-functional teams to ensure adherence to security standards and best practices.
-Perform real-time incident handling, including forensic analysis, intrusion correlation, and threat mitigation.
WHAT YOU'LL BRING:
-Intermediate to advanced expertise with Wazuh SIEM and XDR solutions.
-Bachelor's degree and at least 4 years of relevant experience; an additional 4 years of experience may substitute for a degree.
-One of the following certifications: CND, CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, or SSCP.
-Experience in Security Operations Centers, network event and/or threat analysis.
-Strong understanding of cloud computing technologies (IaaS, PaaS, SaaS) and traditional computing security architecture.
-Proficiency with log aggregation and security analysis tools.
-In-depth knowledge of the Incident Response Lifecycle, including application across diverse environments (cloud, legacy, hybrid).
-Ability to identify and recommend steps for cybersecurity remediation.
-Expertise in analyzing packet traffic and common attack types, encoding, and obfuscation methods.
-Excellent organizational, communication, and briefing skills.
PREFERRED:
-Expertise in network architecture, design, and security.
-Experience with malware analysis (static and dynamic).
-Ability to detect host and network-based intrusions.
-Familiarity with key system files (e.g., log, registry, configuration files) and network alerts validation.
-Skill in creating signatures for network defense tools in response to emerging threats.
-Comprehensive knowledge of cyber-attack stages and various classes of cyber attackers.
Fortuna operates as a staffing agency engaged in sourcing, screening, and presenting potential candidates for employment opportunities on behalf of our clients.
Fortuna was founded in 2012 by practicing professionals with more than 50 combined years of experience. Our headquarters is in McClellan, California, with offices in Los Angeles and New York, and satellite offices in the Philippines and Israel. Fortuna is an active member of multiple California service agreements, including the CMAS, ITMSA (Tier 2), and CalPERS SpringFed Pool, as well as multiple municipalities and large corporation vendor pools.
Career Site: www.gofortuna.com.
Perks/benefits: Career development, Team events