Security Engineer

Role Purpose
To support the Technical Solutions Team in defending, responding, reporting, mitigating, and restoring enterprise systems before, during and after any attempts at exploitation. As Security Engineer, your role will vary at time depending on the missions and threats. Your daily routine tasks will be focused on being an escalation point and support for the team. You will work with a variety of customers: governments, the SME sector, large companies, service providers and non-governmental organizations.

Key Accountabilities

• Responsible for the security architecture, managing Splunk infrastructure, azure infrastructure and use case creation
• Responsible for sustainment support of all delivered mission-specific IT equipment (hardware and software), including customized and standalone IT equipment to ensure availability.
• Manage SIEM, SOAR and security related device such as Firewall, IDS, EDR and DLP.
• Ensure the health of data sources feeding into the SIEM or other security related tools, such as system logs, application logs, firewall logs, packet captures.
• Assist with assessments and forensic analysis when directed.
• Collaborates with the SOC Team to ensure the organizations systems are operational and secure.
• Collaborates with SOC Team to plan, create and deploy the tools needed to achieve objectives.
• Assist in the development of internal operational architecture, tools, and procedures for ways to improve performance.
• Collaborate with development organizations to create and deploy the tools needed to achieve objectives.

Requirements:

• Good coding experience in Python, PowerShell, or Bash to automate routine tasks.
• Strong understanding of Splunk query language and architecture
• Ideally certified in Splunk and/or Azure
• A bachelor degree in a related field (IT, engineering) is preferred.
• At least 5 years of hands-on experience in security engineering, with a focus on developing and implementing security solutions.
• Proven experience with security technologies, system hardening, threat detection tools, and managing security protocols.
• Good knowledge of network and security tools such as Microsoft Azure Sentinel, Splunk, Juniper SRX, Cisco ASA, Palo alto, Fortigate and Security Onion.
• Strong understanding of network and system architectures, HLD and LLD
• Strong experience in of TCP/IP, Mitre ATT&CK and Cyber Kill Chain
• In-depth knowledge on security devices and applications such as DLP, Endpoint Security (Microsoft Defender, Carbon Black EDR, Velociraptor), Firewalls as well as authentication services like ACL, TACACS, RADIUS
• Strong understanding of Change Management and Incident handling

#BEACONRED