Security Operations Engineer

Remote - Arlington, Virginia, United States

Full Time Mid-level / Intermediate

ThreatConnect, Inc.

Company Background

ThreatConnect, Inc. provides cybersecurity software that reduces complexity for everyone, makes decision-making easy by turning intelligence into action, and integrates processes and technologies to continually strengthen defenses and drive down risk. Designed by analysts but built for the entire team (security leadership, risk, security operations, threat intelligence, and incident response), ThreatConnect’s decision and operational support platform is the only solution available today with cyber risk quantification, intelligence, automation, analytics, and workflows in one. To learn more, please visit www.threatconnect.com.

We offer a competitive benefits package with comprehensive insurance coverage, unlimited paid time off, and unique perks designed to help you meet your financial and personal goals.

We are committed to offering an employment experience and benefits package that enables you and your family to grow with us and to share in our success. We love to recognize our employees who have gone above and beyond, and offer incentives like quarterly awards, an employee bonus, a referral program, and team-building outings.

Job Description

The Security Operations Engineer serves as a defensive security expert for the ThreatConnect AWS SaaS infrastructures.

In this role you'll get to...

  • Drive security architecture discussions for the ThreatConnect SaaS AWS networks
  • Monitor network traffic and event logs for suspicious activities using GuardDuty, ELK, AWS logs, EC2 logs, SQL logs
  • Investigate network traffic and logs of interest
  • Perform vulnerability scans of EC2 instances, Docker images
  • Analyze the detected vulnerabilities for severity and provide remediation steps
  • Manage access to various critical systems
  • Coordinate external penetration testing on ThreatConnect SaaS applications
  • Participate in change management and perform security impact analysis for production system configuration changes
  • Participate in internal and external compliance audits such as ISO 27001 and SOC 2
  • Respond to and perform cyber forensic investigations for security incidents that may require working outside of normal office hours
  • Other duties as assigned

1-3-6-12 Month Plan

In the first month we’ll expect you to…

  • Perform SIEM monitoring using ELK to detect unauthorized activities
  • Be able to perform OS vulnerability scans with Rapid7
  • Be able to review OS, software, and code vulnerabilities and help determine their contextual severity and remediation paths

At 3 months we’ll expect you to…

  • Be able to provide inputs on AWS security architecture and configurations of the SaaS networks based on industry standards and best practices
  • Draw from your previous experience and recommend security operations tools to support day-to-day operations

At 6 months we’ll expect you to...

  • Be able to confidently communicate information security practices and standards based on industry best practices
  • Develop operating procedures such as incident response, disaster recovery, and vulnerability management procedures
  • Participate in 24x7 on-call rotation for security-related events

At 12 months we’ll expect you to...

  • Become a key Security Operations Engineer accountable for the day-to-day information security functions
  • Interface with internal and external auditors for compliance audits
  • Partner with the Sr. Director of Security in InfoSec program strategic planning and development of short- and long-term goals

About the Team:

  • This role reports to the Senior Director of Security
  • You will be a part of the new SecOps team that is currently being built
  • You will be working with the other IT and Compliance engineers
  • Most of the team works remotely and collaborates heavily using Slack and Google Meet working sessions

Requirements

Required Qualifications

  • Bachelor’s degree in Computer Science/Cyber Security or related field
  • 3+ years of experience in AWS network engineering
  • 3+ years of experience in vulnerability management with tools such as Rapid7 or Nessus, NVD CVE, OWASP
  • 3+ years of experience in SIEM monitoring with tools such as ELK, Splunk, or Graylog
  • Solid understanding of AWS network architecture - specifically EC2, GuardDuty, S3, VPCs, security groups, backup services, databases (RDS, SQL, SAP HANA, Postgres)
  • Solid understanding of Linux, Linux CLI, shell, and SQL scripts
  • Strong understanding of encryption, secure communication, authentication, network traffic analysis, and OS hardening
  • Working understanding of configuration management tools such as Ansible, Terraform, Chef, Puppet, Docker containers
  • Strong communication (documentation and presentation) and analytical skills are required

Desired Qualifications

  • Previous SaaS security experience
  • Working understanding of CI/CD processes and software developed using Python and Java
  • Some certifications such as AWS Security, ethical hacking/OSCP, CISSP

Benefits

Work-Life Balance:

  • Unlimited Paid Time Off (PTO)
  • Employee recognition program with quarterly awards
  • Employee referral program
  • Military leave options available
  • Education reimbursement program for job-related college courses and professional training
  • Quarterly events with your geographic team
  • Annual company party

Medical:

  • MEDICAL PREMIUMS FOR INDIVIDUALS AND FAMILIES ARE 100% COVERED
  • Prescription drug coverage
  • Dental coverage
  • Vision coverage
  • Company-paid short term and long term disability
  • Company-paid insurance and AD&D coverage
  • Pet Insurance

Financial:

  • 401K retirement savings plan with company matching program up to 6%
  • Health Savings Account
  • Flexible Spending Accounts (medical, dependent care, and transit and parking)
  • Cell phone stipend
  • Paid Parental Leave
  • Paid Bereavement Leave

Research shows that while men apply to jobs when they meet about 60% of job criteria, women and individuals from marginalized groups tend to apply only when they check every box. If you think you have what it takes but you’re not sure that you check every box, apply anyway!

Job region(s): Remote/Anywhere North America