Security Engineer - ELK | Remote US

United States


Coalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable programs that improve their security posture and fuel their continued success.


About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.  
But that’s not who we are – that’s just what we do. 
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.   
And we’re growing fast. 
We’re looking for a Senior Security Operations Engineer to support our Managed Services team.
This can be a remote position (must be located in the United States).
Position Summary
As a Senior Security Operations Engineer at Coalfire within our Managed Services group, you will be a self-starter, passionate about cloud security, and thrive on problem solving. You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor security for the most cutting-edge offerings from Cloud Service Providers (CSPs). This role directly supports leading cloud software companies to provide security of their SaaS product to the largest enterprises and government agencies around the world.

What You'll Do

  • Provide 24x7x365 security monitoring for multiple clients while working closely with DevOps and product teams
  • Work across a myriad of technology stacks in leading cloud providers like AWS, Azure, and GCP
  • Develop automated solutions for deploying Elastic Stack components (Elasticsearch, Logstash, Kibana, Beats) in a repeatable and scalable fashion
  • Work with Build and SRE teams to create deployment roles for all components of the Elastic Stack
  • Document ELK best practices and create deployment guides
  • Monitor and maintain Stack and infrastructure performance
  • Develop demos and proof-of-concepts that highlight the value of the Elastic Stack
  • Data modeling, query development and optimization, cluster tuning and scaling with a focus on fast search and analytics at scale
  • Analyze security events using logs and open-source knowledge to determine legitimate or false positive nature
  • Maintain a record of security monitoring activities via case management and ticketing technologies
  • Administer and monitor intrusion detection, file integrity, endpoint protection, log management and SIEM solutions
  • Integrate security tools using a wide variety of data sources that use various protocols
  • Design, build, and maintain environment-specific rules, alerts, and dashboards in SIEM tooling via custom queries
  • Consult with clients to customize and configure SIEM tools in order to meet security and compliance requirements
  • Communicate alerts to team members and clients related to security anomalies in the environment
  • Apply technical writing skills to create formal documentation such as analytical reports and briefings
  • Develop and maintain standard operating procedures and training materials
  • Participate in on-call rotations as needed to support client operational needs that may lie outside of business hours
  • Conduct testing and data reviews to evaluate the effectiveness of current security and operational measures
  • Assist with administration and maintenance of SIEM, Log Management, and Data Analytical Platform
  • Conduct System Health Checks on managed technologies and provide recommendations on performance improvements
  • Schedule and run regular technical changes such as version updates, security patches, and major software releases, following best practices for change management policies and procedures
  • Aid with customer-initiated requests such as Log Source configuration, App installation, Data Parsing, and Use Case Development, and troubleshoot complex issues for managed technologies
  • Create and maintain standard operating procedures, technical documents, and troubleshooting guidelines for security solutions
  • Configure and troubleshoot managed security devices
  • Develop technical solutions to automate repeatable tasks
  • Provide overall guidance, instruction, and leadership to SOC analysts
  • Open and follow up on tickets and customer requests with 3rd party vendors
  • Utilize tools and analytical skills to investigate the root cause of issues across the technologies
  • Areas of responsibility will include onboarding new data sources, developing alerting, developing run books, conducting security investigations, responding to incidents, and deploying security solutions in a rapidly growing environment

What You'll Bring

  • BS or above in related Information Technology field or equivalent combination of education and experience
  • 5-7 years of experience in 24x7x365 production security operations
  • 5-7 years of experience administering and operating security tooling such as SIEM, IDS, and endpoint protection
  • 4+ years of hands-on technical experience supporting cloud operations and automation in Azure, AWS, and/or GCP
  • Knowledge and experience with tools used to build threat detections (Elastalert, Logstash, Kibana (ELK), Linux Auditd)
  • Experience with vulnerability management tools and data to ensure secure, patched system resources
  • Must have ELK stack experience
  • Experience with ITSM solutions such as Jira and ServiceNow
  • Knowledge of scripting languages such as Python
  • Understanding of regular expressions and query languages
  • Practical experience in administration of Linux infrastructure
  • Experience in Information Security with a focus on incident response and security engineering
  • Experience analyzing events or incidents to triage the issue, find the root cause through log and forensic analysis, and determine security vulnerabilities, attacker exploit techniques, and methods for their remediation
  • Experience developing playbooks and run books, troubleshooting technical issues, and recognizing and identifying patterns
  • Experience with AWS and vendor SaaS Integrations
  • Experience with automation, building security, and/or deploying tools
  • Proficiency with infrastructure as code, such as Terraform 
  • Excellent communication, organizational, and problem-solving skills in a dynamic environment
  • Effective documentation skills, to include technical diagrams and written descriptions
  • Ability to work independently and as part of a team with professional attitude and demeanor

Bonus Points

  • ELK Certification
  • EC-Council Certified Security Analyst (ECSA) or Certified SOC Analyst (CSA), CompTIA Cybersecurity Analyst (CySA+), GIAC certifications
  • Splunk Certified Enterprise Security Admin certification
  • Splunk Core Certified Advanced Power User certification
  • Previous experience supporting 24x7x365 security operations for a SaaS vendor
  • Experience contributing to security incident handling and investigation, and/or system scenario recreation
  • Experience in malware analysis, threat intelligence, forensics, or penetration testing
  • Familiarity with Kali Linux, Wireshark, Metasploit, IDA Pro, or open-source debuggers
  • Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc.

Why You'll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. 

Regardless of location, you’ll experience a company that prioritizes connection and well-being and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like flexible time off, certification and training reimbursement, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity are integral to the way we do business. A reasonable estimate of the compensation range for this role is $64,000 to $112,000 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications, and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.


Tags: Analytics Automation AWS Azure Cloud Compliance CompTIA CySA+ DevOps ECSA Elasticsearch ELK Exploit FedRAMP FISMA Forensics GCP GIAC HIPAA HITRUST IDS Incident response Intrusion detection Jira Kali Linux Malware Monitoring Pentesting Python SaaS Scripting SIEM SOC Splunk Terraform Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Health care Salary bonus Startup environment Team events

Regions: Remote/Anywhere North America
Country: United States