Security Engineer in Houston, TX at Search Services

Date Posted: 7/30/2020

Job Description

Position Summary:

This role will be responsible for threat intelligence and for the alerts generated by our Cisco security toolset, Office 365 security features, web security, email security and other security devices used for threat detection and hunting. The position requires a solid understanding of cyber security tools, techniques and procedures, and the ability to develop informed, threat-driven analysis of security events. The work will focus on monitoring security events and building a more complete understanding of the threats we face.

Other activities may include researching new threats and cyber-related topics; performing discovery, detection and disruption activities; and developing reports on cyber-related information for management. Additionally, this role may include more traditional security operations responsibilities, including SSO, MFA, identity management, etc.

Duties and Responsibilities:

  • Operate and maintain on-premises and/or cloud-based security solutions
  • Review and analyze incoming alerts and cyber threat information for relevance to the security posture based on established business and intelligence requirements
  • Collaborate with IT and business stakeholders to understand and mitigate the security threats
  • Gather, contextualize, and convert alerts into security tasks that can be easily acted upon by appropriate staff
  • Develop and maintain appropriate documentation of security analysis and incident response functions
  • Use established workflows to process threat information (i.e., identify, highlight, document, and mitigate information security issues and risks)
  • Develop and maintain behavioral- and signature-based threat-driven use-cases
  • Deliver results that are consistent, within given time frames and well documented
  • Identify opportunities for and drive improvements of internal processes, procedures, and workflows
  • Perform, on both a regular and ad-hoc basis, accurate information security reporting primarily from existing features of the current security tools

Qualifications:

  • Bachelor’s degree in IT related discipline
  • 7+ years of experience in related field
  • Experience with Cisco security solutions to include CES, Umbrella, AnyConnect VPN and AMP. Cisco ASA and FTD firewall experience is a plus
  • Preferred certifications (e.g., GCDA, GCFA, CSA+, GMON, and CEH)
  • Demonstrated problem solving and analytical skills, and willingness to learn new technologies and development methodologies
  • Specific experience with SIEM/SIEM-like technologies. Rapid7 InsightIDR experience is a plus
  • Experience in evaluating, assessing, and contextualizing device and network vulnerabilities
  • Experience with the security features of the Office 365 environment (e.g., RMS)
  • Experience with Microsoft AD design and architecture
  • Familiarity with identity and access management solutions
  • Experience with basic data and network analysis tools (e.g., Wireshark)
  • Experience with NIST SP 800-171 or 800-53 controls is a plus
  • PowerShell scripting experience
  • Strong verbal and written communication skills and experience explaining technical concepts to business teams