Staff Information Security Engineer – TDR/CSIRT
| Company | Proofpoint |
|---|---|
| Location | Draper, UT, USA; Sunnyvale, CA, USA |
| Salary | $132,975 – $267,190 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior, Expert or higher |
Requirements
- Extensive hands-on experience in Cybersecurity Incident Response or Security Operations.
- Must be a US Citizen.
- Strong background in SOC operations, SIEM, threat intelligence, and digital forensics. Expertise in investigating malware, phishing, web attacks, insider threats, and advanced persistent threats (APTs).
- Experience working with security automation and orchestration tools (SOAR).
- Familiarity with scripting languages such as Python, PowerShell, or Bash for security automation.
- Strong understanding of MITRE ATT&CK framework, TTPs (Tactics, Techniques, and Procedures), and cyber kill chain.
- Hands-on experience with cloud security (AWS, Azure, GCP) is a plus.
Responsibilities
- Act as the Level 3 escalation point for high-severity security incidents within the global 24/7 SOC.
- Lead complex investigations into advanced cyber threats, including malware outbreaks, targeted attacks, and persistent threats.
- Provide expert-level guidance on containment, mitigation, and remediation strategies.
- Proactively hunt for hidden threats within enterprise networks using threat intelligence and behavioral analytics.
- Develop and refine threat detection rules to improve SOC visibility.
- Assess emerging threats and provide actionable recommendations to enhance security posture.
- Design and implement automated workflows to enhance security event triage and response.
- Leverage SOAR (Security Orchestration, Automation, and Response) platforms to streamline incident response.
- Work with SIEM (Security Information and Event Management) tools to optimize log ingestion and alerting mechanisms.
- Collaborate with security architects and engineers to enhance detection and response capabilities.
- Perform root cause analysis on security incidents and recommend improvements to security controls.
- Stay updated on industry best practices and evolving attack techniques to ensure effective defenses.
Preferred Qualifications
- Certifications such as GCIH, GCFA, CISSP, CISM, or OSCP are highly desirable.