SecOps Engineer!
Responsible for maintaining and improving an organization's cybersecurity posture by monitoring, detecting, responding to, and mitigating security threats and incidents. They bridge the gap between security and IT operations, ensuring systems, networks, and data are protected while maintaining operational efficiency.
Dimensions:
Threat Monitoring and Detection:
• Continuously monitor systems, networks, and applications for suspicious activity using tools like SIEM (Security Information and Event Management) systems, IDS/IPS, or endpoint detection solutions.
• Analyze security alerts and logs to identify potential threats or vulnerabilities.
Incident Response and Mitigation:
• Respond to security incidents, such as malware infections, data breaches, or unauthorized access, by investigating, containing, and resolving issues.
• Develop and execute incident response plans to minimize impact and prevent recurrence.
System and Network Security:
• Implement, configure, and maintain security tools and technologies (e.g., firewalls, antivirus, encryption, and authentication systems).
• Harden systems and networks by applying security patches, updates, and best practices.
Automation and Process Improvement:
• Automate repetitive security tasks using scripting (e.g., Python, PowerShell) or orchestration tools to improve efficiency.
• Develop and optimize workflows to enhance security operations and reduce response times.
Documentation and Reporting:
• Document security incidents, procedures, and configurations.
• Generate reports for stakeholders to communicate security status, risks, and recommendations.
Tasks
• Respond to, investigate, and analyze security events to determine appropriate actions
• Analyze security system logs, security tools, and available data sources to identify attacks against the enterprise and report on irregularities, issues related to improper access patterns, trending, and event correlations
• Conduct and apply detection engineering concepts to analyze, create, and tune detection logic and telemetry to ensure effective coverage and detection of existing and emerging threats
• Perform security posture analysis to improve the overall IT ecosystem utilizing telemetry from security tools (Secure Score, KQL analysis, custom reporting, etc.)
• Gather information from other IT and non-IT staff regarding security problems affecting networks, servers, endpoints, and applications
• Perform incident response activities and ensure that proper protective or corrective measures have been taken when an incident has been discovered
• Assist with administration of information security controls and software such as endpoint protection, endpoint detection and response, intrusion detection/prevention (IDS/IPS), security information and event management (SIEM), and physical security systems
• Stay current on security industry trends, new threats and attack techniques, mitigation techniques, and emerging security technologies
• Provide insight and participate in security projects to evaluate and recommend security products for various applications and platforms throughout the organization while supporting business initiatives
• Assist with the development of, maintenance of, and training on technical documentation and Standard Operating Procedures (SOPs)
• Improve security efficiency and streamline/automate work processes while working collaboratively with other team members and IT staff to accomplish objectives
• Participate in critical incident and implementation reviews
• Additional responsibilities as identified. This description is not designed to encompass a comprehensive listing of required activities, duties, or responsibilities
Skills & Experience:
• Highly motivated to work in information security
• Minimum three (3) years of information security experience, or experience working in information technology
• Bachelor's degree in Information Technology or a related field preferred; however, work experience and background may be considered in lieu of formal education
• Proven experience creating detection logic, SIEM rules, custom detections within EDR tools, etc.
• Cloud security experience within Azure or other platforms (AWS, GCP)
• Collaborative interpersonal skills with the ability to work well individually and as part of a team
• Ability to provide formal reports and presentations to people at all levels of the business, each with varying degrees of technical knowledge
• Proficient knowledge of information systems security concepts and current information security trends and practices
• Working knowledge of infrastructure security tools such as firewalls, network security monitoring, anti-malware, OS hardening, etc.
• Experience integrating security tools through scripting, using APIs, and improving existing processes through automated methods is a plus
• Incident response, forensics, and malware analysis experience is a plus
• System administration and security hardening experience is a plus
• Understanding of data analytics / data science techniques is a plus
• Security certifications such as Security+, CISSP, Microsoft Security, or other security-focused certifications are a plus
• High attention to detail with the ability to stay organized and prioritize tasks so work is completed accurately and on time under time constraints
• Excellent written and verbal communication skills in English (other languages considered a plus)
• Ability to work full time in an office and remote environment; physically able to sit/stand at a computer and work in front of a computer screen for significant portions of the workday
• Must become familiar with, promote, and abide by our Core Values as defined
Join Harvey Nash and take your career to the next level!