Information Security Operations Engineer - Onsite in Matamoros, Tamaulipas, MX

Position Summary

The Information Security Operations Engineer focuses on handling security incidents, forensic investigations, and enhancing our security posture using new and existing technology. This is an advanced role to help support, secure, manage, and deploy solutions that support business objectives. The role is highly technical, and candidates must possess a solid understanding of information security, infrastructure, software, and various operating systems. The role also requires an understanding of business goals/strategy and operational requirements in a fast-paced environment.

The Information Security Operations Engineer is responsible for designing security solutions that protect the business while also allowing the business to execute and innovate. The individual works closely with many diverse and dynamic teams, including, but not limited to, information security, IT infrastructure, application development, audit, and end users.

Throughout the role's key responsibilities, the Information Security Operations Engineer must always consider opportunities to identify potential risks as soon as possible, reduce remediation costs, and avoid unnecessary re-work.

Essential Job Duties

• Actively monitor and respond to security incidents and alerts using EDR and similar tools, ensuring timely mitigation and resolution.
• Assist with incident response and system stability issues as they occur. This may include involvement outside of regular work hours, and responsiveness is expected.
• Perform detailed forensic analysis on network traffic and logs to detect and trace signs of malicious activities and compromised systems across Windows and Linux environments, especially in cloud platforms.
• Develop and maintain Incident Response and Digital Forensics runbooks, ensuring they are up-to-date and comprehensive.
• Collaborate with IT and engineering teams to refine technology usage and security practices with technologies like SIEM, SOAR, IDS, HIPS, and Active Directory.
• Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
• Continuously improve the incident response program by integrating best practices and lessons learned from past incidents.
• Influence the planning and execution of incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Serve as a technical point of escalation within the SOC for complex security issues and coordinate multi-team response efforts efficiently across different time zones.
• Foster strong partnerships with various internal teams to enhance the organization's prevention, detection, and response strategies.
• Mentor internal staff and lead by example in both technical and procedural capacities.
• Consistently learn and share advanced skills and practices that promote team excellence. Drive security efficiencies, enabling security team members to work on more advanced tasks.
• Build relationships with key stakeholders to incorporate security principles into engineering design and deployments.
• Conduct and develop tabletop exercises to simulate security incidents and improve team readiness and response capabilities.
• Keep abreast of the latest cybersecurity threats and trends, adjusting defensive measures accordingly.
• Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership.
• Incorporate security requirements early and throughout project and development lifecycles.
• Implement solutions observing compliance with applicable laws, regulations, and frameworks, such as NIST, ISO 27001, GDPR, etc.
• Participate regularly in change project and change management meetings.
• Perform other duties as assigned.

Skills and Experience

• 1-3 years experience in information security, specifically in security operations and incident handling.
• Strong understanding of the incident response lifecycle and best practices in digital forensics.
• Excellent analytical and problem-solving skills, with the ability to handle high-pressure situations.
• Proficient with EDR/XDR tools such as Microsoft Defender, SentinelOne, CrowdStrike, etc.
• Experience in cloud computing technologies, including software-, infrastructure-, and platform-as-a-service, as well as public, private, and hybrid environments,  particularly Microsoft E5 products and their security and compliance capabilities.
• Practical experience with Jupyter Notebook, PowerShell, and/or Python for scripting and automation.
• Strong communication and collaboration skills, capable of working effectively across multiple teams and locations.
• Extensive knowledge of traditional security controls and technologies, such as security information and event management systems, intrusion detection and prevention systems, identity and access management systems, endpoint detection and response, data loss prevention, and firewalls.
• Experience working in a multicultural environment with colleagues in different countries.
• Analytical and problem-solving mindset.
• Highly organized and efficient self-starter requiring minimal supervision.
• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well, including the ability to translate technical content into terms understandable by the business.

Education Requirements

• Higher education with a degree in information security, computer science, or related field or similar industry experience.

Certification Requirements

• GCIH, GSEC, Security+, CySA+, Microsoft Identity and Access Administrator, Microsoft Security Operations Analyst, Microsoft Azure Security Engineer, or comparable certification preferred.