Please note I have direct access to the Hiring SOC Manager and Director of Security for this position.
An extremely successful publicly traded international company that is a leader in its industry is looking for a Sr. Security Engineer. The company has been in business for 12+ years, is public, earns $30+ million in net income, has cash reserves, is NOT VC funded, is cash flow positive, has 2400+ international employees and has over 100 million active global users. The company develops extremely high volume online and interactive web-based products.
The Sr. Security Engineer will join and assist the Security Operations Center Manager and Sr. Security Architect in the ground-up design, build-out, evolution and management of a World Class Security Operations Center. The first order of business for this position will be the design, configuration, implementation and utilization of a formal Incident Response System and a SIEM System. The company is currently using Splunk and Imperva for Incident Response and SIEM. Note that the systems are in a rudimentary stage and the Security Operations Center Manager and Sr. Security Architect are not locked in on these tools. The Sr. Security Engineer will, at a minimum, have an extensive understanding of and solid professional experience with Incident Response Systems and SIEM systems, regardless of specific security tools. The Sr. Security Engineer will be responsible for receiving security alerts, identifying attacks via Splunk or Imperva, investigating security issues, determining the impact of an attack, plotting a remediation course (installing ACLs, taking steps to stop or shut down the attack, removing malware, etc.), identifying gaps in coverage and creating security solutions to fill those gaps.
The Sr. Security Engineer will be responsible for one or more of the following in the course of their work, as their skill set allows:
Data aggregation: Perform log management and aggregate data from security tools (Splunk and Imperva) and the network (Palo Alto Threat Platform). The Sr. Security Engineer will consolidate monitored data and analyze it to help avoid missing crucial events in the future.
Correlation: Look for common attributes and link events together into meaningful bundles. Perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information.
Alerting: Perform automated analysis of correlated events and production of alerts, to notify recipients of immediate issues.
Dashboards: Utilize tooling to take event data and turn it into informational charts that assist in seeing patterns, or in identifying activity that does not fit a standard pattern.
Forensic analysis: Search across logs on different nodes and time periods based on specific criteria.
In the future, the Sr. Security Engineer will work with the Security Operations Center Manager in evaluating, testing and implementing the appropriate IDS/IPS, Vulnerability Management Systems, Web Application Scanning and DLP/DLS systems, based on the SOC Manager's expertise in the field, the current environment, and collaboration with the Sr. Security Architect.
Plan and execute regular incident response and postmortem exercises
Manage security event investigations, partnering with other departments as needed
Create, implement and continually evaluate and update SOC policies and procedures as appropriate
Develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of SOC analysts
The Sr. Security Engineer will report to the Security Operations Center Manager.
Please note that the Hiring Security Operations Center Manager and Director of Security understand that a Sr. Security Engineer will not have experience with all of the above security tools and responsibilities. Expertise with Incident Response OR SIEM is mandatory.
The company offers a matching 401K, full benefits (PPO & HMO) including medical, dental and vision, paid vacation and paid holidays, Short and Long Term Disability, Life Insurance, an Employee Assistance Program, a fitness reimbursement program, a free onsite gym, free espresso and snacks, casual dress, paid parking (or a public transportation subsidy) and flexible work hours, all of which start upon employment.
Must have 4-5+ years of Information Security Engineering experience
MUST have significant experience with either Incident Response Systems OR SIEM Systems (Splunk, IBM's QRadar, HP's ArcSight, LogRhythm, AlienVault, Nitro, Imperva, etc.)
Experience performing event monitoring, packet analysis, log analysis, and data loss prevention
Experience performing Security Remediation
The following are only a Plus (NOT mandatory):
Experience with the ground-up design, configuration and implementation of a formal Incident Response System or SIEM System is a plus (including processes, procedures, investigations of incidents/security breaches/hacks, and resolutions).
Any experience performing event monitoring, packet analysis, log analysis, and data loss prevention.
Experience designing and building out or working within a formal SOC is a plus
Understanding of OWASP
Cross-site scripting / XSS: an understanding of the types of web attacks that exist
Any experience with any of the following security tools is only a plus, not mandatory:
Any experience designing and architecting security systems
Global security experience
Any security experience in a high volume, highly interactive web-based products environment is a big plus
Any experience with anti-virus, intrusion detection systems, firewalls, Active Directory, web proxies, DDoS mitigation strategies and solutions, Linux / Windows operating systems, TCP/IP, packet analysis tools (Wireshark, etc.), databases and web applications / servers
Any experience with or knowledge of security and privacy regulations
Certified Information Systems Security Professional (CISSP) or equivalent certification is a plus:
CISO, CISM, CPP, GIAC, ISSO, GCIA, GCIH, CEH, CPSSE, ECSP, GSSP
BS and/or MS in Computer Science or a related degree
Hermosa Beach, CA, 90254