Security Engineer II

| Field | Value |
|---|---|
| Company | Akuna Capital |
| Location | Chicago, IL, USA |
| Salary | $130000 – $130000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Mid Level, Senior |
Requirements
- Minimum of 4 years’ experience in a cyber defense or security engineering role – Demonstrated track record of protecting and defending enterprise systems, data, and infrastructure
- Demonstrated passion for cybersecurity – Strong foundational knowledge of security operations, cyber defense, enterprise security, threat intelligence, and incident response
- Deep understanding of security technologies and best practices – Proficiency with security controls, firewalls, IDS/IPS, SIEM, DLP, encryption, MFA architectures, O365 architecture, Active Directory, SSO, system hardening, and enterprise security principles
- Security automation – Hands-on experience with automation and orchestration tools (e.g., Splunk Phantom, Cortex XSOAR, Tines, Torq), including the ability to streamline repetitive tasks, reduce manual effort, and improve incident response efficiency
- Understanding of vulnerability management – Experience using vulnerability scanning tools and overseeing remediation processes to address identified weaknesses
- Cloud security expertise – Familiarity with SaaS, IaaS, and PaaS environments, along with provider-specific security controls and best practices
- Log analysis and threat identification – Ability to review logs from diverse platforms and environments, detect indicators of compromise, and investigate potential threats
- Broad technical knowledge – In-depth understanding of multiple operating systems (Linux/Unix, Windows, Mac), enabling comprehensive threat detection and response
- Scripting and programming skills – Demonstrated proficiency in scripting languages such as PowerShell or Python to automate tasks and enhance security workflows
- Network protocols and network security – Working knowledge of TCP/IP, UDP, DHCP, FTP, SFTP, SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP, and HTTPS, as well as their roles in securing enterprise environments
- Endpoint and data security – Exposure to Next-Gen AV, Endpoint Security, and CASB DLP solutions, with the ability to implement and optimize controls for various endpoints and data channels
- Strong communication and collaboration – Excellent interpersonal skills to work effectively with cross-functional teams, leadership, and stakeholders; ability to translate complex security concepts for non-technical audiences
- Documentation and policy development – Capable of producing clear policies, standards, and procedural documents that enhance organizational security and guide best practices
Responsibilities
- Perform analysis of security incidents and threat actors utilizing the MITRE ATT&CK framework to enhance detection capabilities
- Investigate and respond to security incidents reported by the Managed Security Service Provider (MSSP), security controls, and end users, while developing effective triage processes to ensure prompt and thorough incident handling
- Assist in managing enterprise security infrastructure, including Intrusion Detection/Prevention Systems, SIEM, EDR, Web Filtering, MFA, and Email Security
- Develop threat hunting activities by analyzing anomalous log data and threat intelligence and by conducting brainstorming sessions, in order to detect and eliminate potential adversaries in our network
- Leverage APIs across enterprise technology, SaaS/IaaS/PaaS, and business applications to create new sources of telemetry signals for threat detection and response
- Engineer orchestration and automation to streamline the incident analysis and response process
- Engineer war-gaming and tabletop activities as part of red/blue team exercises to strengthen and test incident response playbooks, evaluating and improving the firm’s incident response capabilities
- Conduct vulnerability management assessments, recommend remediation actions, and collaborate with system owners to ensure timely patching
- Collaborate with Managed Security Service Provider (MSSP) to implement threat detection rules and event correlation using SIEM platforms to identify malicious, suspicious, and anomalous activities
- Collaborate with different departments within the firm to identify security monitoring blind spots and opportunities for threat detection
- Provide support in implementing and maintaining the information security infrastructure, ensuring its effective operation and ongoing maintenance
- Educate users on security best practices and implement initiatives to promote cybersecurity awareness and risk reduction, including conducting training sessions and developing user-friendly documentation
Preferred Qualifications
- Familiarity with regulatory and compliance frameworks – Awareness of standards such as NIST and CIS, and the ability to apply them to ensure compliance with the firm’s policy