Security Operations Engineer

• 1 year assignment
• Must live within commuting distance of Woodbridge, NJ
• No 3rd Party Companies

Security skills and tools: Carbon Black, Imperva, Varonis, Tripwire, Forescout, Symantec Cloud Access Security Broker (CASB), SecureMail, Symantec WebPulse, VMRay, Symantec Web Security Service
Desired Security Certificates: Security+ from CompTIA, GIAC Security Essentials (GSEC), Certified Ethical Hacker (CEH), or other related Information Security certificates
Desired Skills & Experience - ITIL-based training, experience, or certifications on SIEM are a plus
Network firewall knowledge is a plus Familiar with Oracle Databases is a plus
Security Operations Engineer

• We are seeking a Security Operations Engineer who delivers outstanding service and communicates with clarity and professionalism.
• The ideal candidate brings strong attention to detail, empathy when supporting clients and colleagues, and a disciplined approach to creating and maintaining documentation. In this role, you will contribute meaningfully within a collaborative team while focusing on protecting the organization's digital assets by auditing and remediating user identities and privileges, strengthening governance processes, and enhancing the monitoring of technology risk. You will also play a proactive role in identifying and addressing Active Directory vulnerabilities and resolving access-related security issues.

KEY RESPONSIBILITIES: Identity & Account Governance

• Identify and resolve expired or overdue passwords across all identity systems.
• Perform regular Active Directory health checks and cleanup tasks, including locating and disabling stale user and computer accounts.
• Review and optimize service accounts to ensure proper permissions, correct system scope, and compliance with password policies.
• Verify that Multi-Factor Authentication, such as Duo, is correctly enforced for critical and high-risk accounts.
• Ensure accounts are used only in their designated environments to prevent cross-environment access, such as development accounts being used in production.
• Identify and remove unnecessary local administrative privileges on workstations and servers to support a strong least privilege model.
• Detect and resolve duplicate credentials within Azure Active Directory to ensure consistent and secure identity management.

Security Monitoring & Analysis

• Help develop and improve security monitoring and detection use cases in Splunk and other monitoring platforms.
• Support the investigation and response process for security alerts from tools such as Threat Command, Canary, ExtraHop, and CrowdStrike Identity.
• Develop and improve security monitoring use cases in Splunk and other SIEM tools to strengthen threat detection.
• Monitor and respond to potential security alerts from systems such as EDR, network anomaly detection, and identity protection
• Create and maintain response templates to guide consistent handling of security incidents and common red flag scenarios.

Vulnerability Management

• Assist in identifying outdated applications and work with teams to address the security risks they introduce.
• Research and evaluate threat intelligence to identify relevant vulnerabilities and emerging attack techniques.
• Use tools such as BloodHound and PingCastle to find and remediate Active Directory security weaknesses.
• Identify vulnerable or unsupported applications across the enterprise and coordinate their remediation.

REQUIREMENTS:

• Strong written and verbal communication skills.
• Undergraduate degree in a technology related field such as computer science, EMIS, systems engineering, or electrical engineering.
• Proven ability to take initiative, manage time effectively, and follow tasks through to completion.
• One to three years of experience in Information Security; more than four years is preferred.
• Experience working with both on premise and AWS environments.
• Solid understanding of security principles, network communication models, and related protocols.
• Familiarity with ServiceNow or similar workforce or system of record platforms.
• Hands on experience managing and responding to security alerts.
• Experience performing phishing analysis and working with web proxies, endpoint detection and response tools, and database monitoring solutions.
• Strong understanding of Active Directory security group structures and lifecycle management.
• Experience reviewing industry or third party threat intelligence and integrating findings into a security environment.
• Working knowledge of network operations and troubleshooting.
• Demonstrated ability to create runbooks, knowledge articles, and process documentation to support routine reporting and operational tasks.
• Strong critical thinking skills and the ability to resolve security incidents effectively.

Additional Information

• All candidates are encouraged to apply, but many positions require a strict drug and background check by our customers.
• F2OnSite supports and adheres to all state laws regarding background checks.
• This position requires specific work hours to be adhered to. Typically the work hours are not flexible, so you must be able available to work during those hours.