Sr. Cyber Defense Engineer

Remote - USA

Abnormal Security

Advanced email protection to prevent credential phishing, business email compromise, account takeover, and more.


The Opportunity

This Sr. Cyber Defense Engineer role will join the Cyber Defense team to build out and manage information security solutions to provide advanced detective and preventive security controls for the world’s best email security company, Abnormal Security.  This is a remote work-from-home position based in the United States or Canada.


Who you are:

  • Insatiably curious with a need to understand how things work 
  • Tech savvy, hands-on builder 
  • Self-directed; collaboration is a must, but this role is highly autonomous and calls for someone who can investigate and innovate independently
  • Works calmly under pressure and with tight deadlines
  • Analytical, problem-solving mindset
  • Highly organized and efficient
  • Tactical and strategic thinker
  • Committed to our core principles and mission; demonstrate them daily


What you’ll do: 

  • Research, evaluate, install, configure, manage, and maintain cyber security solutions to include SASE, CASB, DLP, IAM, SAST/DAST/IAST, threat intelligence platforms, malware analysis sandboxes, etc.
  • Monitor and manage the performance of security solutions, identifying, troubleshooting, and resolving any technical issues.
  • Leverage expertise in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security and data networking, to offer global security solutions to complex challenges in a multi-cloud environment.
  • Create automation and orchestration solutions to automate repetitive tasks.
  • Identify and lead efficiency and improvement opportunities.
  • Perform and support security event investigations, partnering with other departments (e.g., IT) as needed. 
  • Define and implement best practices and procedures for security solutions.
  • Mentor and teach advanced security engineering techniques to junior team members.
  • Participate in and assist with regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
  • Assist in threat modeling with other members of the security team.
  • Assist with incident response as events are escalated, including triage, remediation and documentation.
  • Maintain and preserve evidence and chain of custody.
  • Investigate and document events to aid fellow incident responders, managers and other Cyber Defense team members on security issues and the emergence of new threats.
  • Manage ticket request/incident statuses and provide timely follow up to internal and external customers.
  • Interface with internal and external customers to resolve issues, provide additional information, and answer questions.
  • Participate in projects/initiatives as needed.


Experience you’ll need:

  • 8-10 years’ experience in information technology, with at least 6 years in an information security role, ideally with significant security engineering experience (SIEM, SOAR, EDR, WAF, CASB, DLP, IR, etc.)
  • Experience working in a 24x7 operational environment, ideally one staffed across multiple geographic regions and time zones.
  • Experience with secure access service edge (SASE) solutions (including secure web gateway (SWG), cloud access security broker (CASB), and/or zero-trust network access (ZTNA)), security information and event management (SIEM) systems, threat intelligence platforms, malware analysis platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), endpoint detection and response (EDR), identity and access management (IAM), cloud-hosted virtual machines and containerization solutions, and other network and system monitoring tools; ideally experience administering several of these solutions.
  • Experience with cloud resources (AWS, Azure, Google Cloud), macOS, and Linux required.
  • Experience with application security; SAST/DAST/IAST code scanning, and familiarity with CI/CD pipeline security best practices.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
  • Expert knowledge/experience with attacker tactics, techniques and procedures (TTPs), and intrusion analysis frameworks such as the Lockheed Martin Cyber Kill Chain® and MITRE ATT&CK framework, as well as mapping attacks back to these frameworks.
  • Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives and certifications such as Service Organization Control 2 (SOC 2), Sarbanes-Oxley Act (SOX), and the General Data Protection Regulation (GDPR).
  • Security certification(s) preferred: CompTIA (Security+, CySA+, etc.), EC-Council (CEH, CSA, etc.), ISC2 (CISSP, SSCP, etc.), SANS/GIAC (GCIH, GREM, GMON, GPEN, GWAPT, etc.), solution-specific (certified in Splunk, CrowdStrike, Okta, Tenable, etc.)


More About Abnormal Security:

Abnormal Security is defining the next generation of email security defense. Our platform uses machine learning and artificial intelligence to baseline communication content, user identity, and behavioral signals in real time and at scale in order to detect the anomalies that characterize email attacks. Customers love us because we consistently detect and stop what everyone else in the market can't -- advanced attacks that have never been seen before -- and we do so with beautiful user interfaces and best-in-industry customer support.

Our veteran team has built some of the most enduring machine learning platforms at leading companies including Google, Twitter, Pinterest, Amazon, Microsoft, and Expanse. We are located in San Francisco, CA, New York, NY and Lehi, UT.

Our company is growing - we’re a certified Great Place to Work, on the Enterprise Tech 30 (for the second year in a row), on the Forbes AI 50, selected as a Gartner 2020 Cool Vendor, and our customer base includes multiple Fortune 500 companies.

Abnormal Security is committed to creating a diverse work environment. All qualified applicants will receive consideration without regard to race, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, or veteran status.

Tags: Application security Artificial Intelligence Automation AWS Azure CEH CI/CD CISSP Cloud Compliance CompTIA Cyber defense Cyber Kill Chain DAST EDR GCIH GCP GDPR GIAC GPEN GREM GWAPT IAM IDS Incident response Intrusion detection IPS Linux Machine Learning MacOS Malware MITRE ATT&CK Monitoring SANS SAST SIEM SOAR SOC 2 Splunk SSCP Threat intelligence TTPs UNIX Windows

Perks/benefits: Team events

Regions: Remote/Anywhere North America
Country: United States