Security Engineer
Santa Rita Do Sapucai, Brazil
WatchGuard
Award-winning solutions that are easy to deploy and manage, making enterprise-grade security accessible to any organization regardless of size or expertise.
Who You Are
You are a cybersecurity professional with several years of experience working in a security operations center. You have hands-on experience with security tools like SIEM, SOAR, EDR and IDS and applying these tools to defend an organization against modern threats. You are familiar with cybersecurity frameworks like NIST CSF and CIS as well as compliance certifications like ISO 27001 and PCI DSS 4.0. You are self-motivated and passionate, able to identify and action on areas of improvement with minimal oversight. You have an intimate knowledge of cyber threats and remain plugged in to the threat landscape, staying up to date on trends and adversarial activity. You’re a great communicator, able to explain complex technical topics to non-technical individuals. You are proficient in Python, able to automate repetitive tasks and create custom integrations between security tools.
The Opportunity
WatchGuard is growing its internal security operations organization to combat evolving cyber threats with an expanded Computer Security Incident Response Team (CSIRT). This team is instrumental for maintaining overall trust and risk management within WatchGuard. As a global cybersecurity vendor, at WatchGuard you’ll have ample opportunity to use the latest technologies and defend against the most sophisticated threats.
As a member of the Security Operations Center, you will help shape WatchGuard’s cybersecurity strategy. Your coworkers will depend on you to help maintain business continuity through incident response activities, shaping corporate security policy, and deploying preventative controls. You both develop detection use cases and respond to the alerts that those use cases generate. Once you’re up to speed, you’ll join CSIRT’s 12-hour on-call rotation for security incident escalations to help guide incident response activities and reduce mean time to containment.
As a Security Engineer, you must constantly learn, staying up to date on the latest attacker techniques and defender strategies. You must be proficient with automating activities wherever possible in order to succeed. This is an engineering-minded team that must prioritize its work using a data-driven defense approach based on real-world attacker behaviors.
A day in the life
As a member of the Security Operations Center at WatchGuard, no two days will ever be the same. Every day you will help review and investigate security events, proactively threat hunt for indicators of compromise, and help improve WatchGuard’s security controls and policies. As a member of the CSIRT organization, you will make a meaningful impact on WatchGuard’s security posture, identifying and closing gaps in our controls and automating repeated tasks. Throughout the day, you’ll remain plugged in to security news and threat intelligence feeds, using your knowledge to help WatchGuard defend against emerging threats.
Within one month, you will…
• Become familiar with WatchGuard’s security policies and controls.
• Begin investigating security events and proactively threat hunting across WatchGuard’s global networks.
Within three months, you will…
• Share your knowledge by writing and improving playbooks.
• Identify areas for improvement across WatchGuard security operations and propose actionable solutions.
• Drive automation throughout the security organization to improve efficiency.
• Become familiar with WatchGuard security products.
Within six months, you will…
• Develop bespoke applications to improve WatchGuard’s prevention, detection and response capabilities.
• Improve security event analytic logic to increase coverage and reduce false positives.
• Help develop and maintain best practices and security standards for managing risk at WatchGuard.
• Apply your knowledge and understanding of WatchGuard products to provide security guidance outside of the SOC.
• Continue to improve your own skillset in areas of information security, malware analysis, and/or ethical hacking.
• Regularly contribute to thought leadership content, growing your brand as a security expert both within and outside of WatchGuard.
Tags: Automation Compliance CSIRT EDR Ethical hacking IDS Incident response ISO 27001 Malware NIST PCI DSS Python Risk management SIEM SOAR SOC Strategy Threat intelligence
Perks/benefits: Team events