
Security Operations Engineer

📍 India

Business Qualys

Job Description

Job Summary:

As a Security Operations Engineer, you will be an integral part of the Qualys SOC (Security Operations Center) and CSIRT (Cyber Security Incident Response Team), contributing to the day-to-day activities aimed at monitoring, analyzing, and responding to security incidents. This role requires a solid understanding of security technologies, incident response, and a proactive approach to identifying and mitigating potential threats.

Responsibilities:

Security Monitoring and Analysis:

- Monitor security alerts using SIEM tools, analyzing logs, network traffic, and system events to identify potential security incidents.
- Investigate and respond to alerts, ensuring a timely and effective resolution.

Incident Response:

- Participate in incident response activities, assisting in the identification, containment, eradication, and recovery from security incidents.
- Document incident response activities and contribute to post-incident reports.

Threat Intelligence Support:

- Assist in the integration of threat intelligence into security operations processes to enhance detection capabilities.
- Stay informed about the latest cybersecurity threats and vulnerabilities.

Security Infrastructure Support:

- Support the management and optimization of security infrastructure, including intrusion detection/prevention systems, firewalls, and endpoint protection solutions.
- Participate in the configuration and fine-tuning of security technologies.

Automation and Orchestration:

- Contribute to the development and implementation of automation scripts and workflows to streamline repetitive security tasks.
- Collaborate with other teams to integrate security processes into broader IT automation frameworks.

Continuous Improvement:

- Identify areas for improvement in security operations processes and technologies.
- Participate in the implementation of enhancements and optimization of existing security measures.

Collaboration and Communication:

- Collaborate with other security teams, IT teams, and external partners to address security incidents and improve overall security posture.
- Communicate effectively with stakeholders, providing updates on incidents and security operations activities.

Training and Knowledge Sharing:

- Participate in training sessions to enhance skills and knowledge related to security operations.
- Contribute to knowledge-sharing initiatives within the security operations team.

Key Skills:

- Familiarity with security tools, including SIEM solutions, intrusion detection/prevention systems, and endpoint protection.
- Basic understanding of and experience in incident response activities.
- Must be familiar with various log sources and with the investigation approach appropriate to different kinds of incidents. Should understand the correlation between log sources as needed for investigation.
- Analyze network and host activities associated with both successful and unsuccessful intrusions by threat actors, based on perimeter security logs.
- Experience in correlating malware infections with attack vectors to determine the extent of security and data compromise.
- Should have worked with a third-party security monitoring tool to research, document, and respond to security incidents.
- Monitor SIEM and other security tool alerts for anomalous or suspicious activity; research alerts and make recommendations to remediate concerns.
- Analyze, correlate, and act on data from subscription and public cyber intelligence services, develop tactics to combat future threats, and follow the Incident Response Plan for required response.
- Awareness of threat intelligence concepts and their relevance to security operations.
- Basic knowledge of scripting (Python, PowerShell, etc.) to support automation efforts.
- Understanding of security infrastructure components and their role in safeguarding the organization.
- Strong problem-solving skills to analyze and respond to security incidents effectively.
- Effective communication skills to convey technical information to team members and stakeholders.
- Ability to collaborate with team members and other departments to achieve security goals.

Qualifications:

- Bachelor's degree in Computer Science, Information Security, or a related field.
- 2+ years of experience in a security operations role or a related cybersecurity position.
- Understanding of cybersecurity principles and best practices.
- Basic knowledge of networking concepts and protocols.
- Security certifications (e.g., CompTIA Security+, SANS GIAC) are a plus.
- EDR/XDR – Hands-on experience administering and monitoring any of these products is desirable (Qualys EDR/XDR, Cisco AMP, Carbon Black, CrowdStrike, TrendMicro, Microsoft Sentinel one, etc.).
- Advanced analytics – UEBA
- Automation – SOAR
- Willingness to pursue additional certifications and training in cybersecurity.
- Strong analytical and problem-solving abilities.

Ready to Apply?

Don't miss this opportunity! Apply now and join our team.

Job Details

Posted Date: February 26, 2026
Job Type: Business
Location: India
Company: Qualys
