Secuvant is currently seeking candidates for a Sr. Cyber Security Engineer, supporting our co-managed security service offerings. This is an exciting opportunity to be part of a key team of cyber security professionals for a rapidly growing MSSP, supporting full life cycle cyber security operations for our business customers around the world. We are seeking an individual that can bring security engineering and incident response experience to support daily operations and help grow and mature our current offerings.
The Sr. Cyber Security Engineer position will interact daily with business stakeholders and technical teams to determine and develop security architecture approaches and solutions. The position provides support, configuration and administration of security tool sets and infrastructure, as well as investigation of information security events. The position also researches, evaluates and recommends security solutions to solve business needs.
This position requires comprehensive knowledge within a functional area. Work is performed under general direction and is reviewed upon completion for adequacy in meeting objectives and for compliance with the organization's processes, standards and policies. The position provides technical solutions to a wide range of difficult and complex problems; solutions are imaginative, thorough, practical and consistent with the objectives of the organization. This position may train and mentor less experienced professionals.
As a technical cyber security leader, you will be responsible for architecting and engineering security solutions that map to the service offerings of the organization. This includes creating new detection methodologies and providing expert support to incident response and monitoring functions. You will also directly support client setup and consumption of Secuvant services.
· Provide comprehensive guidance in the design, evaluation, and implementation of new security technologies for both internal resources and existing clients
· Research, analysis, and response for alerts, including log retrieval and documentation
· Design and build custom tools for investigations, hunting, and research
· Collaborate with operational teams to identify, resolve and mitigate risk and vulnerabilities
· General SIEM monitoring, analysis, content development, and maintenance including integration with multiple technologies
· Develop advanced queries and alerts to detect threats for customer environments
· Coordinate threat hunting activities across the network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies
· Perform Root Cause Analysis of security incidents for further enhancement of alert catalog
· Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
· Experience with designing and implementing security solutions
· In-depth knowledge of *NIX systems
· Knowledge of vulnerability management, including testing, scanning, and report generation
· Experience taking a project from requirements gathering through the design, testing, and deployment phases.
· A broad knowledge of information security principles (e.g. access control)
· Working knowledge of security architectures and devices
· Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions
· Knowledge of the underlying logic that security alerts are built upon, and the ability to apply it when analyzing raw logs and creating new dashboards and alerts
· Experience working in fast-paced environments, and the ability to manage workload, especially during times of stress or escalated activity
· Comfortable with impromptu tasking and loosely defined requirements
· Strong analytical and investigation skills
· Strong time management and multitasking skills as well as attention to detail
· Strong collaborative skills and proven ability to work in a diverse team of security professionals
· Track record of creative problem solving, and the desire to create and build new processes
· Coordinates delivery of project milestones, ensures projects stay on target, and identifies and escalates roadblocks.
· Intermediate experience with third-party and open-source cloud solutions including OpenStack, Azure, AWS, and Google Cloud.
· Intermediate understanding and experience with System Administration, Network Architecture, and Application Security.
· Experience with creating automated log correlations in a SIEM or a similar tool to identify anomalous and potentially malicious behavior
· Experience with system exploitation methodologies
· Working knowledge of threat intelligence consumption and management
· Experience converting intelligence into actionable mitigation and technical control recommendations
· Working knowledge of root causes of malware infections and proactive mitigation
· Working knowledge of lateral movement, footholds, and data exfiltration techniques
· Experience with Netflow and PCAP analysis
· Ability to work independently on initiatives with little oversight. Motivated and willing to learn.
· Strong analytical skills/problem solving/conceptual thinking.
· Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
· Must have strong leadership skills and qualities which enable you to lead a team, work with peers, and various levels of management.
· Ability to interact with internal business partners at a senior and management level to clarify requirements and business needs for changes and enhancements
· Excellent oral and written communications skills
· Comfortable communicating with customers on architecture and system requirements
· Bachelor’s degree in a related discipline (e.g. Computer Information Systems, Information System Technologies, Management Information Systems). In lieu of a degree, six (6) years’ directly related experience will be considered.
· 5+ years of relevant cyber security experience in IT Security
· 2+ years of experience in the network security discipline
· Preferred security certifications (CISSP, GCIA, GCIH, GREM, CEH, etc.)
· Ability to produce quality work in a fast-paced environment.
· Ability to work on multiple projects at the same time.
· Ability to work non-standard work hours as needed or required to meet established deadlines.
· Ability to work indoors, in an office environment, regardless of whether cubicle, open office or private office.
· Subject to normal office noise levels.
Job Posting: January 2018
Primary Location: West Jordan, Utah
Security Clearance Level: None
Potential for Teleworking: Occasionally, as needed
Travel: Yes, 10% of the time