Security Operations Engineer
Performs day-to-day operations of security tools, including but not limited to:
- Network and Application Vulnerability Scanning
- Patch Management
- Web Gateways/Proxies
- Endpoint Protection
- Data Loss Prevention
- Intrusion Detection and Prevention
- Log Aggregation/SIEM
- Monitors appropriate security feeds and dashboards in support of Continuous Monitoring activities
- Provides timely security impact analysis to support change management processes
- Supports the Security Assessment and Authorization process and SDLC activities by providing recommendations on appropriate control implementation and risk mitigation strategies
- Conducts vulnerability scans, interprets results and provides them to customers
- Monitors various Internet and open source information feeds for emerging vulnerabilities and threat actors, determining their applicability to the operating environment and issuing technical advisories appropriately.
Provides input to system security documentation, including but not limited to:
- Concept of Operations
- Architecture Diagrams
- Security Policies
- Standard Operating Procedures
- Participates in Incident Response activities in coordination with other teams as necessary: reviews and edits event correlation rules, triages the resulting alerts by determining their criticality and scope of impact, and evaluates attribution and adversary details.
- Evaluates and reviews vulnerability scans, reviews and reports on anti-virus definition status weekly, and takes proactive steps to ensure mitigation and/or remediation of findings.
- Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation. Determines and directs remediation and recovery efforts.
- Develops and implements new approaches and procedures regarding security measures that comply with Judiciary and AOTO policies and guidelines.
- At least 8 years total IT experience, with 2-5 years of experience as a security administrator, engineer, or analyst in an enterprise environment
- Experience with Vulnerability Management Systems (e.g. Nessus)
- Experience with Patch Management Systems (e.g. Quest/Dell Kace 1000)
- Experience with Web-based threat protection (e.g., Websense)
- Experience coordinating and overseeing the implementation of security patches.
- Experience with remediation of security vulnerabilities.
- Knowledge of the operating characteristics of various operating systems, e.g. Windows 7 and 10, Windows server 2008/2012/2016, iOS.
- Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.
- Ability to plan, manage and provide guidance on IT security across all phases of computer security (i.e., hardware, software, and telecommunications equipment, installation and evaluation). The work frequently requires the candidate to be involved in diverse projects simultaneously, several of which may have equally high priority.
- Excellent oral and written communication skills, including interaction and information gathering with coworkers and customers.
- Bachelor's degree in an IT related field is preferred.
- Industry leading certifications relating to IT security preferred