Security Operations Lead

About Onit
Onit is a global leader in enterprise workflow solutions for legal, compliance, sales, IT, HR, and finance departments. With Onit, companies can transform best practices into smarter workflows, better processes, and operational efficiencies. Onit focuses on enterprise legal management, matter management, spend management, contract lifecycle management, and legal holds, transforming how global Fortune 500 companies and corporate legal departments bridge the gap between systems of record and systems of engagement. 


Position Summary:
Onit, Inc. is looking for a Security Operations Lead to join our team to help secure our Enterprise SaaS applications and corporate infrastructure. To be successful in this role, you should have great people and technical skills and a passion for technology. The individual we look for is bright, creative and a problem solver. You must be able to multi-task in a fast-paced environment and be a self-starter with the ability to work independently.

Key Responsibilities:
 

• Lead the Security Operations team, providing SecOps support during US Central Time business hours.

• Manage and conduct vulnerability testing, penetration testing, and client security audits.

• Implement and manage cloud-native security tools and third-party solutions for threat detection and incident response.

• Define, maintain, and execute the Incident Response plan, investigating and resolving incident escalations.

• Perform regular risk assessments and vulnerability scans of cloud infrastructure, ensuring timely remediation.

• Collaborate with Dev, DevOps, and Infra teams to remediate identified vulnerabilities, discuss security best practices, and assist with security incident response.

• Analyze EDR alerts and logs to identify potential security incidents, taking appropriate action.

• Continuously evaluate and implement security tools and practices to enhance the security posture of the Onit environment.

• Develop and tune detection rules, alerts, and reports within SIEM tools to enhance threat visibility and response.

• Assist with the development and updates of Security Policies for SOC2 and ISO27001 compliance.

Qualifications and Skills:
 

• Minimum of 5 years of experience in information security, with at least 2 years focused on cloud security.
• Proficient in AWS with a strong understanding of AWS networking/VPC, IAM, Security Groups, EC2, RDS, S3, and containers (EKS/ECS).
• Knowledge of various AWS Native Security tools, security frameworks, and CSPM tools.
• Experience in security tools such as vulnerability scanners, IDS/IPS, firewalls, and endpoint security monitoring.
• Experience with threat detection and threat intelligence.
• Experience securing large-scale SaaS-based enterprise applications.
• Familiarity with security frameworks such as NIST and ISO 27001.
• Strong communication, problem-solving, and collaboration skills.

Desired:

• Experience in leading and mentoring a team, fostering a security-first culture.
• Certifications such as CCSP, AWS Security, OSCP, or equivalent are preferred.
• Experience with Cloudflare and/or AWS WAF configurations.
• Experience with AWS Guard Duty and CrowdStrike.