Senior Security Engineer – Cyber Security

Your Role in Action:

• Review, validation, and triage of alerts and technical analysis of log data from a diverse inventory of sensors, correlated signature logic, and threat intelligence sources. 
• Assess the impact of security events by leveraging host, cloud and network-based indicators and evidence to deliver actionable incident escalations.  
• Develop and deploy detection and prevention signatures with response actions as part of a layered defensive strategy leveraging multiple technologies and data types. 
• Build automation to search through collected telemetry to detect and isolate advanced threats that evade existing security solutions. 
• Create Standard Operating Procedures, SOC playbooks, configuration guides, and secure standards. 
• Automate incident handling processes. 
• Engage in the continuous research of emerging threats and apply appropriate countermeasures within the context of a rapidly changing environment. 
• Serve as a subject matter expert in the mechanism and analysis of observed malicious activity. 
• Clearly document and communicate investigation findings to both technical and executive stakeholders. 
• Identify and automate away technical burden. 
• Build automation to deploy, operate and connect multiple cyber security tools and applications 

Required Skills:

• 3+ years of experience in a Security Operations Center, Incident Response, or Threat Detection team 
• Strong cyber incident response skills (such as: Network forensics, memory forensics, and/or packet analysis)  
• Ability to read, write and analyze PowerShell, C#, and Python 
• Capability to independently manage the prioritization of complex security events  
• Advanced understanding of common SOC/CIRT operational processes and documentation  
• Advanced knowledge of TCP/IP, network services, cryptography, cloud, and web application attacks  
• Ability to collaborate within a global cross-functional team to execute on high-level objectives and drive the maturation of Relativity’s security posture 
• Deep understanding of infection mechanisms, malicious behavior, exploitation techniques, and mitigating controls  
• Good understanding of tools, tactics, and procedures utilized by attackers to access private systems and data  
• Strong analytical and problem-solving skills  
• Ability to leverage programming and scripting languages to build automations and develop SOAR playbooks 
Preferred qualifications:
• 5+ years of experience in a Security Operations Center, Incident Response, or Threat Detection team for Cloud applications and corporate networks 
• Exposure to threat detection development and tuning  
• Experience in software design and development 
• DevSecOps experience 
• Ability to perform threat hunting, threat emulation, and/or purple teaming exercises 
• Familiarity with industry standard security devices and their configuration  
• Experience in reverse engineeringmalicious code to explore infection and propagation mechanisms  
• Experience withthreat intelligence tools and processes 
• Certifications: One or more of the following certifications are preferred (GCFA, GCIA, GCIH, GNFA, GREM, OSCP, OSEP, OSED, OSWE, OSDA, OSCE3, CompTIA Security+, CCNA CyberOps, or CEH)