Technology Opportunity in Financial Services
Senior Information Security Engineer
Location: 20 E Thomas Rd | Suite 2000, Phoenix, AZ 85012
* Remote candidates will be considered
The Senior Information Security Engineer performs and fulfills critical security operations roles associated with the Firm's commitment to timely monitoring and incident response. The selected candidate will participate as security operations engineer on a team that monitors, analyzes, and responds to information security related threats such as commodity malware, policy violations, and advanced persistent threats.
Members of the Security Operations team are also tasked with supporting the efforts of Threat Intelligence, Risk Management, and Forensics. Additionally, the Senior Information Security Engineer participates in projects and initiatives to help design and implement information security controls in processes and systems.
The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.
- Work as part of a team of Information Security professionals supporting a leading financial services institution
- Develop and upgrade dashboards, incident channels, filters, rules, and reports, as needed
- Integrate threat intelligence from both global and local sources with operational capabilities
- Build custom and advanced content for the use cases, which may include integration with other security operations tools
- Develop new content and tune/filter existing content for SIEM, IDS, and other security technologies
- Partner with the SIOC (Security Intelligence Operations Center) along with others from Enterprise Technology Services to create detective and protective content for correlation and alerting
- Work with the SIOC team to perform post-mortem reviews of security incidents to identify opportunities to improve detection speeds, automation, orchestration, processes, etc.
- Perform root cause analysis on detection or alerting failures, document findings, and collaborate with technology/process owners to prevent future occurrences
- Research, analyze and understand log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems.
- Automate manual processes via scripting
- Perform raw data review in threat hunting efforts to identify malicious activity for which signatures/content do not exist
- Assist management in ensuring the team is executing on core responsibilities such as working projects through to completion, ticket queue maintenance, keeping documentation evergreen, training requirements, etc.
- Work with management to define/update standard operating procedures and response plans
- Support efforts of internal and external security partners and cross-functional teams during all phases of the Incident Response process.
- Serve as a primary escalation point for security engineering issues or concerns
- Manage or contribute to projects that directly correspond to the maturity and/or capabilities of the Security Operations team.
- Support design initiatives, implementation and maintenance of information security technologies.
- Perform other security-related duties as requested
Education & Experience Requirements:
- Bachelor's degree in information technology or a related field preferred. Candidates with a minimum of a high school diploma (or equivalent) in combination with at least 5 years' experience in an information technology role, inclusive of at least 3 years in information security incident response related engineering will be considered.
- Advanced proficiency with Python, SQL, Elastic Search, Kibana, Logstash, Kafka, and PowerShell required
- Advanced knowledge of API driven systems integration and automation concepts
- Advanced understanding of Cisco security tools and capabilities such as Firepower NGFW, AMP, StealthWatch, etc.
- Advanced understanding of Microsoft security tools and capabilities such as M365 Security and Compliance center, MS Graph API, etc.
- Minimum of 3 years' experience utilizing HIDS/NIDS, SIEM, anti-virus, packet capture tools, host-based analysis technologies in a security analyst capacity
- Minimum of 3 years' experience analyzing log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems required
- Minimum of 3 years' experience with Windows and Unix/Linux command line
- Familiarity with the NIST cyber incident response and MITRE ATT&CK frameworks
- Advanced knowledge of computer networking: TCP/IP, routing and switching protocols
- Advanced knowledge of Incident Response methodologies and information security best practices/technologies
- Experience driving vendors and co-sourcing partners to successfully resolve problems
- Must be able to react quickly, decisively, and deliberately in high stress situations
- High level of ethics and core values
- A strong passion for learning
- Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate
- Excellent written and verbal communication skills
- Willingness to serve as a member of an Incident Response Team (IRT) which may require responding to emergency calls during non-business hours
- Highly motivated individual with the ability to self-start, prioritize, and multi-task
- Travel is expected [under 25%]
- Preferred certifications:
  - CCNP Security
  - GIAC IR/Forensics such as GCIH, GNFA, GREM, or similar