Security Engineer - ELK | Remote US

What You'll Do

• Provide 24x7x365 security monitoring for multiple clients while working closely with DevOps and product teams
• Work across a myriad of technology stacks in leading cloud providers like AWS, Azure, and GCP
• Develop automated solutions for deploying Elastic stack components (Elasticsearch, Logstash, Kibana, Beats) in a repeatable and scalable fashion.
• Working with Build and SRE teams to create deployment roles for all components of the Elastic Stack.
• Documenting ELK best practices and creating deployment guides.
• Monitoring and maintaining Stack and infrastructure performance.
• Develop demos and proof-of-concepts that highlight the value of the Elastic Stack
• Data modeling, query development and optimization, cluster tuning and scaling with a focus on fast search and analytics at scale
• Analyze security events using logs and open-source knowledge to determine legitimate or false positive nature
• Maintain a record of security monitoring activities via case management and ticketing technologies
• Administer and monitor intrusion detection, file integrity, endpoint protection, log management and SIEM solutions
• Integrate security tools using a wide variety of data sources that use various protocols
• Design, build, and maintain environment-specific rules, alerts, and dashboards in SIEM tooling via custom queries
• Consult with clients to customize and configure SIEM tools in order to meet security and compliance requirements
• Communicate alerts to team members and clients related to security anomalies in the environment
• Apply technical writing skills to create formal documentation such as analytical reports and briefings
• Develop and maintain standard operating procedures and training materials
• Participate in on-call rotations as needed to support client operational needs that may lay outside of business hours
• Conduct testing and data reviews to evaluate the effectiveness of current security and operational measures
• Assist with administration and maintenance of SIEM, Log Management, and Data Analytical Platform
• Conduct System Health Checks on managed technologies and provide recommendations on performance improvements.
• Schedule and run regular technical changes such as version updates, security patches, major software releases following best practices for change management policies and procedures
• Aiding customer-initiated requests such as Log Source configuration, App installation, Data Parsing, Use Case Development, and Troubleshoot complex issues for managed technologies.
• Create and maintain standard operating procedures, technical documents, and troubleshooting guidelines of security solutions.
• Configure and troubleshoot managed security devices
• Develop technical solutions to automate repeatable tasks
• Provide overall guidance, instruction, and leadership to SOC analysts
• Opening and following up on tickets and customer requests with 3rd party vendors
• Utilize tools and analytical skills to investigate the root cause of issues across the technologies
• Areas of responsibility will include onboarding new data sources, developing alerting, developing run books, conducting security investigations, responding to incidents,  and deploying security solutions in a rapidly growing environment

What You'll Bring

• BS or above in related Information Technology field or equivalent combination of education and experience
• 5-7 years of experience in 24x7x365 production security operations
• 5-7 years of experience administering and operating security tooling such as SIEM, IDS, and endpoint protection
• 4+ years of hands-on technical experience supporting cloud operations and automation in Azure, AWS, and/or GCP
• Knowledge and experience with tools used to build threat detections (Elastalert, Logstash, Kibana (ELK), Linux Auditd)
• Experience with vulnerability management tools and data to ensure secure, patched system resources
• Must have ELK stack experience
• Experience with ITSM solutions such as Jira and ServiceNow
• Knowledge of scripting languages such as Python
• Understanding of regular expression and query languages
• Practical experience in administration of Linux infrastructure.
• Experience in Information Security with a focus on incident response and security engineering
• Experience analyzing events or incidents to triage the issue, find the root cause through log and forensic analysis, and determine security vulnerabilities, attacker exploit techniques, and methods for their remediation.
• Experience developing playbooks, run books, troubleshoot technical issues, and recognize and identify patterns
• Experience with AWS and vendor SaaS Integrations
• Experience with automation, building security, and/or deploying tools
• Proficiency with infrastructure as code, such as Terraform 
• Excellent communication, organizational, and problem-solving skills in a dynamic environment
• Effective documentation skills, to include technical diagrams and written descriptions
• Ability to work independently and as part of a team with professional attitude and demeanor

Bonus Points

• ELK Certification
• EC-Council Certified Security Analyst (ECSA) or Certified SOC Analyst (CSA), CompTIA Cybersecurity Analyst (CySA+), GIAC certifications
• Splunk Certified Enterprise Security Admin certification
• Splunk Core Certified Advanced Power User certification
• Previous experience supporting a 24x7x365 security operations for a SaaS vendor
• Experience contributing to security incident handling and investigation, and/or system scenario recreation
• Experience in malware analysis, threat intelligence, forensics, or penetration testing
• Familiarity with Kali Linux, Wireshark, Metaspolit, IDA Pro, or open-source debuggers
• Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc.