Senior Enterprise Security Engineer

Description:
**100% Remote**

The Senior Enterprise Security Engineer is responsible for Security Compliance (PCI DSS, FISMA, FedRAMP) and the global management and operations of DLP, SIEM, Endpoint Protection, EDR, WAF/DDoS tooling across the enterprise. This role will be focused on enterprise security functions and needs to be a subject-matter expert in compliance frameworks, risk identification, and mitigation, as it relates to infrastructure, network and application security. The Engineer also develops new security detection use cases to detect and prevent penetration, fraud and abuse within Stretto products. This position reports to the Director, Enterprise Security and is a key role within Stretto's IT organization.

This is a full-time, permanent opportunity, offering a competitive salary and comprehensive benefits package. Qualified applicants must be willing and able to work on a w2 basis.

Salary: $110K - $125k

Responsibilities:
Position Responsibilities may include:

• Leading and assisting with compliance needs and frameworks such as NIST, SOC2, CSA CCM, FedRAMP, PCI DSS.
• Engaging with collaboration and knowledge sharing efforts to assist team members with compliance needs and Stretto's security posture.
• Manages and provides expert level guidance on configuring WAF, SIEM, EDR, DLP and other security technologies across the enterprise environment.
• Collaborates closely with engineering teams across the organization to provide operational support for WAF, Bot Management, and DDoS protection.
• Leads attack simulation tests to validate detection use cases are identifying attack patterns within on-prem and cloud systems.
• Develops threat detection and automated threat remediation use cases utilizing SIEM and other technologies.
• Develops and advances security tooling in-house to detect and respond to custom use cases.
• Collaborates with the Enterprise Security team to continuously improve cybersecurity capabilities in identification, management, and response to threats in the most efficient and effective manner.
• Manages, administrates, and improves security monitoring products for WAF, SIEM, DDoS protection, and other industry standard security technologies.
• Leverages Threat Intelligence and performs threat hunting activities to identify compromised accounts and systems with EDR and other technologies.
• Proposes and helps review security plans and policies to improve the organization's security posture.
• Maintains operational playbooks, diagrams, and documentation for security detection and response.
• Reviews proposed security deployments to ensure security monitoring requirements are met.
• Other duties may be assigned as needed to address new security threats facing the enterprise.
• Utilizes MITRE ATTACK and industry standard frameworks to build and test detection use cases.
• Provides off-hour support as needed for security administration, detection, and response activities.

Experience Requirements:
Knowledge & Skills:

• 5+ years of experience in Cloud Infrastructure, Security and Networking
• 5+ years' experience in cloud networking (public, private and hybrid/multi cloud) technologies, particularly in the context of AWS, Azure and Google Cloud Platform.
• 5+ years related Security Engineering experience required
• Expert level knowledge with industry standards and frameworks such as NIST, PCI DSS, SOC2, ISO 27001, FedRAMP, FISMA
• Expert level knowledge on SIEM, DLP, EDR, WAF, Web Security, DDoS protection, data analytics, and Bot Management
• Experience with developing SIEM/SOAR detection and automation use cases.
• GSEC, GCIA, GFE, GCFA, CISA, CISSP, CISM, or CIA certification(s)

Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range.

W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality.
Please be advised- If anyone reaches out to you about an open position connected with Eliassen Group, please confirm that they have an Eliassen.com email address and never provide personal or financial information to anyone who is not clearly associated with Eliassen Group. If you have any indication of fraudulent activity, please contact

About Eliassen Group:

Eliassen Group is a leading strategic consulting company for human-powered solutions. For over 30 years, Eliassen has helped thousands of companies reach further and achieve more with their technology solutions, financial, risk & compliance, and advisory solutions, and clinical solutions. With offices from coast to coast and throughout Europe, Eliassen provides a local community presence, balanced with international reach. Eliassen Group strives to positively impact the lives of their employees, clients, consultants, and the communities in which they operate.

Eliassen Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Don't miss out on our referral program! If we hire a candidate that you refer us to then you can be eligible for a $1,000 referral check!