Specialist, Security Engineering & Threat Management

We are looking for an intermediate level security specialist to join our Global Cybersecurity Services Team. As part of our modern cybersecurity operating model, the role will be engaged in enhancing our security technology stack, building AI driven security automation workflows and contributing to security operations and threat management. We are building a modern, multi-cloud, intelligence driven security operations capability that will heavily involve AI and automation; and will require engineering and operational skills at all levels. 

Responsibilities

• Threat Alert Reviews and Investigations - deep dive into alerts sent to security operations, performing log review and root cause analysis. Proficient in performing investigations using open source and proprietary tools, including but not limited to - EPP/EDR/XDR software, Digital Forensics tools/software, SIEM platforms, etc.
• Security Engineering - Build, maintain and enhance our security operations technology stack, which includes next generation SIEM and SOAR solutions. Build and enhance security logging and detection engineering practices, manage the detection use case life cycle. Relentlessly automate and creatively incorporate AI into workflows.
• Threat Intelligence Collection - Gather and analyze data from diverse sources, including OSINT, dark web forums, commercial feeds and internal telemetry.
• Threat Analysis - Assess threat actor capabilities, motivations, TTPs; perform targeted attack analysis, attribution analysis and recommend improvements for the global security program and/or specific security control domains.
• Making Threat Intelligence Actionable - Translate intelligence (operational/tactical/strategic) into actionable outputs.
• Collaboration & Incident Support - Partner with other security stakeholders to contextualize threats, provide CTI insights during incidents and prioritize defensive actions.
• Security Projects - Lead projects and initiatives that may involve - Endpoint Security enhancements, Threat Hunting, Compromise Assessments, Network/Endpoint security reviews, etc. 
• Leadership - Be comfortable with cross-functional leadership and stakeholder management. Be willing to mentor and contribute to the growth and capability of the team. 

Requirements

• 5-7 years of experience in Information Security, with technical hands-on experience in Security Engineering, Security Operations, Cyber Threat Intelligence, Security Engineering, Digital Forensics, Incident Response, Endpoint Security or Cloud Security. 
• Working Experience with SIEM, EPP/EDR/XDR, SOAR, Threat Intelligence Platforms (TIPs), Open Source Threat Intelligence solutions (eg. MISP, OpenCTI, etc).
• Working experience with Cloud environments like AWS, Azure and GCP.
• Working experience in Cyber Threat Intelligence roles (Analyst, Engineer, Consultant).
• Working experience in the practical implementation of operational, tactical and strategic threat intelligence.
• Experience in applying AI/ML in cybersecurity use cases. 
• Experience in using scripting languages to automate tasks and manipulate data or programming experience.
• Highly self-motivated, attention to detail and outcome driven.
• Proficiency in verbal and written English.