Information Security Operations Engineer
Media, PA
- Added Apr 8, 2022
Full Description:
The Information Security Operations Engineer assists in the design, implementation and tier 3 support of various endpoint and cloud technologies in the enterprise. This role will have functional knowledge in the areas of threat detection/prevention, endpoint detection and response (EDR), host intrusion prevention, device encryption, data loss prevention, application allowlisting, sandboxing, Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR) and cloud service management.
The specific role is for day-to-day management, upgrades and tier 3 support of Delinea Secret Server (formerly Thycotic), Broadcom VIP (formerly Symantec), Mimecast and Trellix Endpoint (formerly McAfee). The first two projects would be a migration from one instance of Secret Server to another and the implementation of additional Mimecast features.
Principal Duties:
1. Technical experience with multiple security controls and tools including SIEM, SOAR, EDR, network monitoring, IPS, cloud security tools and DLP.
2. Assist in building and deploying new tools and platforms that help automate, streamline and scale security operations on-premises and within AWS/O365 cloud environments.
3. Provide continuous monitoring, maintenance and support of new and existing security toolsets and systems to ensure resilience, reliability and scalability.
4. Consult with the Risk and Compliance team to review that security toolset policies are effective at mitigating current industry threats.
5. Assist with tuning alerts in AWS GuardDuty and Azure Sentinel.
6. Assist with validating key alerting use cases in the SIEM.
7. Assist with use case creation, including reporting and automation.
8. Monitor for external threats, assessing risk to the environment and driving proactive risk mitigation and response activities.
9. Monitor endpoint products for vulnerabilities and bug fixes and develop a plan to deploy them.
10. Assist in the development of metrics to provide to IT leadership.
11. Provide up-to-date diagrams and support procedures for tier 1 and 2.
12. Act as the tier 3 escalation point for security requests and incidents.
13. Create the necessary interpersonal networks among information security and IT to perform the job function.
14. Maintain external networks consisting of industry peers, vendors and other relevant parties to address common trends, findings, threats and cybersecurity risks.
15. Maintain foundational knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting the annual PCI audit.
16. Support the audit and assessment process for IT, including the annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.
Essential Functions:
Excellent written and verbal communication skills, interpersonal and collaborative skills.
Up-to-date knowledge of methodologies and trends in both information security and IT.
Must be a critical thinker, with strong problem-solving skills.
Ability to lead small internal Endpoint Protection related tools and technology projects with dependencies on external IT teams.
Foundational knowledge of AWS GuardDuty and Azure Sentinel.
High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
Maintain a working environment conducive to positive morale and teamwork.
Ability to participate in a 24x7x365 on-call rotation for information security incidents.
Basic Requirements:
Minimum of 3 years' experience in a combination of incident response, information security and IT.
Development experience with scripting languages such as Python, JavaScript and/or PowerShell preferred.
Basic understanding of relevant legal and regulatory requirements, such as the Payment Card Industry Data Security Standard (PCI DSS).
Degree in a technology-related field preferred, or equivalent work- or education-related experience.
Professional security or information technology certification is desirable, such as CISSP, Splunk Core Certified User, Network+ and Security+.
Foundational knowledge of incident response standards such as NIST SP 800-61, Computer Security Incident Handling Guide, and ISO/IEC 27035:2016, Information security incident management.
Foundational knowledge of information security concepts and technologies such as networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.