Junior Security Engineer (SIEM)
United States
Full Time Entry-level / Junior USD 80K - 102K
Coalfire
Coalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable…Position SummaryAs Vulnerability Management I Engineer at Coalfire within our Managed Services group, you will be a self-starter, passionate about cloud security, and thrive on problem-solving. You will provide strategy, leadership, and operational support of Vulnerability Management processes for clients with regulatory compliance requirements. The Managed Services team is responsible for identifying, assessing, and managing threats, vulnerabilities, and associated risks to clients’ information assets and resources. You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor vulnerabilities and recommend remediation or resolution.
What You'll Do
- Provide 24x7x365 security monitoring for multiple clients while working closely with DevOps and product teams
- Work across a myriad of technology stacks in leading cloud providers like AWS, Azure, and GCP
- Analyze security events using logs and open-source knowledge to determine legitimate or false positive nature
- Maintain a record of security monitoring activities via case management and ticketing technologies
- Administer and monitor intrusion detection, file integrity, endpoint protection, log management and SIEM solutions
- Integrate security tools using a wide variety of data sources that use various protocols
- Design, build, and maintain environment-specific rules, alerts, and dashboards in SIEM tooling via custom queries
- Consult with clients to customize and configure SIEM tools in order to meet security and compliance requirements
- Communicate alerts to team members and clients related to security anomalies in the environment
- Apply technical writing skills to create formal documentation such as analytical reports and briefings
- Develop and maintain standard operating procedures and training materials
- Participate in on-call rotations as needed to support client operational needs that may lay outside of business hours
- Conduct testing and data reviews to evaluate the effectiveness of current security and operational measures
- Assist with administration and maintenance of SIEM, Log Management, and Data Analytical Platform
- Conduct System Health Checks on managed technologies and provide recommendations on performance improvements.
- Schedule and run regular technical changes such as version updates, security patches, major software releases following best practices for change management policies and procedures
- Aiding customer-initiated requests such as Log Source configuration, App installation, Data Parsing, Use Case Development, and Troubleshoot complex issues for managed technologies.
- Create and maintain standard operating procedures, technical documents, and troubleshooting guidelines of security solutions.
- Configure and troubleshoot managed security devices
- Develop technical solutions to automate repeatable tasks
- Opening and following up on tickets and customer requests with 3rd party vendors
- Utilize tools and analytical skills to investigate the root cause of issues across the technologies
- Areas of responsibility will include onboarding new data sources, developing alerting, developing run books, conducting security investigations, responding to incidents, and deploying security solutions in a rapidly growing environment
What You'll Bring
- BS or above in related Information Technology field or equivalent combination of education and experience
- 1-2 years experience in 24x7x365 production security operations
- 1-2 years experience administering and operating security tooling such as SIEM, IDS, and endpoint protection
- 2+ years of hands on technical experience supporting cloud operations and automation in Azure, AWS, and/or GCP
- Experience with ITSM solutions such as Jira and ServiceNow
- Certifications such as Splunk Enterprise Certified Admin/Splunk Power User or ELK Certification.
- Experience configuring, implementing, and supporting Splunk Enterprise components deployed in the Cloud
- Understanding of regular expression and query languages
- Practical experience in administration of Linux infrastructure.
- Experience in Information Security with a focus on incident response and security engineering
- Experience analyzing events or incidents to triage the issue, find the root cause through log and forensic analysis, and determine security vulnerabilities, attacker exploit techniques, and methods for their remediation.
- Experience developing playbooks, run books, troubleshoot tech nical issues, and recognize and identify patterns
- Experience with AWS and vendor SaaS Integrations
- Experience with automation, building security, and/or deploying tools
- Excellent communication, organizational, and problem-solving skills in a dynamic environment
- Effective documentation skills, to include technical diagrams and written descriptions
- Ability to work independently and as part of a team with professional attitude and demeanor
- Previous experience in a professional services organization
- Previous experience supporting 24x7x365 security operations for a SaaS vendor.
Tags: Automation AWS Azure Cloud Compliance DevOps ELK Exploit GCP IDS Incident response Intrusion detection Jira Linux Monitoring SaaS SIEM Splunk Strategy Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Health care Insurance Parental leave Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs