Security Engineer (SPLUNK) | Remote US
United States
Full Time Mid-level / Intermediate USD 64K - 112K
Coalfire
Coalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable…Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.
But that’s not who we are – that’s just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
And we’re growing fast.
We’re looking for a Security Engineer to support our Cloud Services team.
This can be a remote position (must be located in the United States).
Position Summary
As Security Engineer at Coalfire within our Cloud Services group, you will be a self-starter, passionate about cloud security, and thrive on problem solving. You will provide operational support of Vulnerability Management processes for clients with regulatory compliance requirements. The SecOps team is responsible for identifying, assessing, and managing threats, vulnerabilities, and associated risks to client's information assets and resources. You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor vulnerabilities and recommend remediation or resolution.
What You'll Do
- Join a highly collaborative security operations team delivering vulnerability management services to Cloud Service Providers, and other organizations operating highly regulated environments.
- Communicate alerts to clients related to security anomalies in the environment.
- Assist customers with scanning their FedRAMP environment and managing false positives.
- ·Create a Plan of Action and Milestones (POAM) based on customer scan data.
- Communicate with internal management to provide insights and proposed remediation strategies.
- Create formal documentation, reports, and briefings using technical writing skills.
- Act as a liaison between the vulnerability management team, SRE teams, and customer teams.
- Configure and troubleshoot scanning devices.
- Develop technical solutions to automate repeatable tasks.
- Provide overall guidance, instruction, and thought leadership to clients and team members.
- Opening and following up on tickets and customer requests.
- Utilize tools and analytical skills to investigate the root cause of issues across the technologies.
- Provide oversight and orchestrate key parties from Coalfire and client teams during escalations with a focus on expedited resolution.
What You'll Bring
- US citizenship (required due to client contractual requirements)
- Experience supporting clients in a managed service organization.
- Familiarity with ITSM solutions (e.g., Jira, ServiceNow) and meeting SLAs.
- 2-4 years of experience in professional services, vulnerability management, and compliance monitoring.
- Skills in web application testing, API testing, and network testing.
- Previous experience with tools like Burp Suite Professional or similar DAST tools.
- Ability to analyze information security vulnerabilities and collaborate with teams for remediation.
- Experience with container scanning tools (Prisma/Aquasec/Defender) preferred.
- Experience developing playbooks, runbooks, and troubleshooting technical issues.
- Knowledge of vulnerability scoring systems (CVSS/CMSS).
- Experience with vulnerability scanning tools (e.g., Nessus, Burp Suite).
- Ability to analyze vulnerabilities and adjust risk ratings based on internal factors.
- Familiarity with OS Baseline Configuration standards (e.g., CIS Critical Security Controls Scanning).
- Excellent communication, organizational, and problem-solving skills.
- Experience working with auditors to ensure adherence to controls, policies, and standards.
- Strong documentation skills, including technical diagrams and descriptions.
- Ability to work independently and as part of a team with a professional attitude and demeanor.
- Critical thinking, and ability to balance environmental requirements with mission needs.
- BS or above in a related Information Technology field or equivalent combination of education and experience
Bonus Points
- Previous experience supporting a 24x7x365 security operations for a SaaS vendor
- PCI ASV, CISSP, CISA certifications.
- Certifications in Cloud Vendors, as well with organizations such as PMP, CISSP, CISM, or CISA
- Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc.
At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.
Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $64,000 to $112,000 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
#LI-Remote#LI-JB1
Tags: APIs AquaSec Burp Suite CISA CISM CISSP Cloud Compliance CVSS DAST FedRAMP FISMA HIPAA HITRUST Jira Monitoring Nessus POA&M SaaS SecOps SLAs SOC Splunk Vulnerabilities Vulnerability management Web application testing
Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Health care Insurance Parental leave Salary bonus Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs