Sr. Security Engineer

Security, SIEM, Incident Response, Splunk, IBM's QRadar, HP's ArcSight, LogRhythm, AlienVault, Nitro, Imperva
Full Time/Permanent
$125-180K + Bonus
Telecommuting not available. Travel not required.

Job Description

Please note I have direct access to the Hiring SOC Manager and Director of Security on this position.

An extremely successful publicly traded international company that is a leader in its industry is looking for a Sr. Security Engineer. The company has been in business for 12+ years, is public, earns $30+ million in net income, has cash reserves, is NOT VC funded, is cash flow positive, has 2400+ international employees and has over 100 million active global users. The company develops extremely high volume online and interactive web-based products.

The Sr. Security Engineer will join and assist the Security Operations Center Manager and Sr. Security Architect in the ground-up design, build-out, evolution and management of a world-class Security Operations Center. The first order of business for this position will be the design, configuration, implementation and use of a formal Incident Response System and a SIEM System. The company is currently using Splunk and Imperva for Incident Response and SIEM. Note that these systems are at a rudimentary stage and the Security Operations Center Manager and Sr. Security Architect are not locked in on these tools. The Sr. Security Engineer will, at a minimum, have an extensive understanding of and solid professional experience with Incident Response Systems and SIEM systems, regardless of the specific security tools. The Sr. Security Engineer will be responsible for receiving security alerts, identifying attacks via Splunk or Imperva, investigating security issues, determining the impact of an attack, plotting a remediation course (installing ACLs, taking steps to stop or shut down the attack, removing malware, etc.), identifying gaps in coverage and creating security solutions to fill those gaps.

The Sr. Security Engineer will be responsible for one or more of the following in the course of their work, as their skill set allows:

Data aggregation: Perform log management and aggregate data from security tools (Splunk and Imperva) and the network (Palo Alto Threat Platform). The Sr. Security Engineer will consolidate the monitored data and analyze it to help avoid missing crucial events in the future.

Correlation: Look for common attributes and link events together into meaningful bundles. Perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information.

Alerting: Perform automated analysis of correlated events and production of alerts, to notify recipients of immediate issues.

Dashboards: Use the tool to turn event data into informational charts that help reveal patterns, or identify activity that does not fit a standard pattern.

Forensic analysis: Search across logs on different nodes and time periods based on specific criteria.

In the future, the Sr. Security Engineer will work with the Security Operations Center Manager in evaluating, testing and implementing the appropriate IDS/IPS, Vulnerability Management Systems, Web Application Scanning and DLP/DLS systems, based on the SOC Manager's expertise in the field, the current environment and collaboration with the Sr. Security Architect.

Additional responsibilities:

Plan and execute regular incident response and postmortem exercises

Manage security event investigations, partnering with other departments as needed

Create, implement and continually evaluate and update SOC policies and procedures as appropriate

Develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of SOC analysts

The Sr. Security Engineer will report to the Security Operations Center Manager.

Please note that the Hiring Security Operations Center Manager and Director of Security understand that a Sr. Security Engineer will not have experience with all of the above security tools and responsibilities. Expertise with Incident Response OR SIEM is mandatory.

The company offers matching 401K, full benefits (PPO & HMO) including medical, dental and vision, paid vacation and paid holidays, Short and Long Term Disability, Life Insurance, Employee Assistance Program, fitness reimbursement program, free onsite gym, free espressos and snacks, casual dress, paid parking (or public transportation subsidization) and flexible work hours that all start upon employment.


REQUIREMENTS:

Must have 4-5+ years of Information Security Engineering experience

MUST have significant experience with either Incident Response Systems OR SIEM Systems (Splunk, IBM's QRadar, HP's ArcSight, LogRhythm, AlienVault, Nitro, Imperva, etc.)

Experience performing event monitoring, packet analysis, log analysis, and data loss prevention

Experience performing Security Remediation


The following are only a Plus (NOT mandatory):

Experience with the ground-up design, configuration and implementation of a formal Incident Response System or SIEM System (including processes, procedures, investigations of incidents/security breaches/hacks and their resolutions).

Any experience performing event monitoring, packet analysis, log analysis, and data loss prevention.

Experience designing and building out, or working within, a formal SOC

Understanding of OWASP, SQL injection and cross-site scripting (XSS): an understanding of the types of web attacks that exist

Any experience with any of the following security tools only a plus, not mandatory:

  • Network: Palo Alto Threat Platform (ability to get around the GUI, perform queries)
  • IDS/IPS: Cisco, Sourcefire, Snort, Palo Alto, Qualys, etc.
  • Vulnerability Management: Qualys, Nessus/Tenable, Nexpose, etc.
  • Web Application Scanning: IBM’s AppScan, HP WebInspect, W3AF, BurpSuite, QualysGuard WAS, NetSparker, etc.
  • DDoS: Arbor Networks, Prolexic
  • Penetration Testing
  • Anti-malware: Malwarebytes Anti-Malware, McAfee, ClamAV, VirusTotal
  • GRC (governance, risk and compliance): MetricStream, ARIS, IntelligenceBank, Resolver, BP Logix, etc.


Any experience designing and architecting security systems

Global security experience

Any security experience in a high volume, highly interactive web-based products environment is a big plus

Any experience with anti-virus, intrusion detection systems, firewalls, Active Directory, web proxies, DDoS mitigation strategies and solutions, Linux / Windows operating systems, TCP/IP, packet analysis tools (Wireshark, etc.), databases and web applications/servers

Any experience with or knowledge of security and privacy regulations

Certified Information Systems Security Professional (CISSP) or an equivalent certification is a plus:

CISO, CISM, CPP, GIAC, ISSO, GCIA, GCIH, CEH, CPSSE, ECSP, GSSP

BS and/or MS in Computer Science or a related degree

Posted By

Al Karaptian

Hermosa Beach, CA, 90254

Dice Id : equest
Position Id : 403