Senior Security Operations Engineer
New
C
CriblIT, Security
Remote - United StatesFull-TimeSenior
Salary128000 - 200000 USD per year
Apply NowOpens the employer's application page
Job Details
- Required Skills
- AWSPythonBashGCPOAuthRubyAzureNodeJS
Requirements
- Knowledge and experience in working with modern security principles e.g. security data lakes, detections as code, EDR, zero trust networking, and other security tooling
- Demonstrated experience with incident response and management
- Strong understanding of common attack frameworks (e.g., MITRE ATT&CK) and how to map detections to TTPs
- Understanding of authentication and authorization schemes such as SAML, OpenID, OAuth2, and SCIM
- Experience scripting/coding in at least one of the following languages: Python, NodeJS, Ruby, Bash
- Comfortable with ambiguity, have a strong analytical acumen, self-motivated, able to work cross-functionally
- Experience with SIEM platforms like Panther is a plus and its detection capabilities
- Familiarity with Wiz and cloud native security tooling for detection in AWS, Azure, or GCP
- Relevant certifications in cloud security or incident response (e.g., SANS GIAC certifications)
- Proven experience in developing, deploying, and maintaining detection rules (e.g., Sigma, YARA, Splunk SPL, KQL) across various security platforms
Responsibilities
- Provide knowledge and experience in working with modern security principles e.g. security data lakes, detections as code, EDR, zero trust networking, and other security tooling, as well as demonstrated experience with incident response and management.
- Be the go-to technical subject matter expert on security, compliance, and assurance topics
- Monitor security events and alerting via our security tooling, including MSSP, SIEM, AI, and CSPM tooling, to identify and triage potential threats
- Develop, implement, and maintain high-fidelity detection rules and alerts within SIEM and other security platforms (e.g., EDR, Cloud Security tools) based on threat intelligence, MITRE ATT&CK framework, and identified risks
- Conduct continuous tuning and optimization of existing detection logic to reduce false positives and improve detection efficacy
- Respond to issues identified by our Cribl employees
- Act as a security incident response lead, including leveraging and improving detection capabilities during investigations
- Build, enhance, and manage security playbooks, incorporating detection engineering best practices
- Conduct security assessments of corporate assets through vulnerability testing, threat hunts, and purple team activities, with a focus on identifying detection gaps and opportunities
- Perform both internal and external security reviews of corporate properties e.g., the corporate website and enterprise applications
- Lead security incident response tabletop exercises
- Continue to evolve and champion the use of Cribl products in our security tech stack to enhance detection, analysis, and response capabilities
- Collaborate with threat intelligence teams to integrate new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) into detection strategies
View Full Description & ApplyYou'll be redirected to the employer's site
