Security Operations Engineer

Piper companies is seeking a Security Operations Engineer to provide strategy, leadership, and operational support of Security Operations processes for clients with regulatory compliance requirements. The Managed Services team is responsible for configuring, managing and updating security tools (SIEM / EDR) in our client environments and performing alert triage of security alerts. You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor vulnerabilities and recommend remediation or resolution.

Responsibilities:

• Provide 24x7x365 security monitoring for multiple clients while working closely with SREs and product teams
• Work across a myriad of technology stacks in leading cloud providers like AWS, Azure, and GCP
• Analyze security events using logs and open-source knowledge to determine legitimate or false positive nature
• Maintain a record of security monitoring activities via case management and ticketing technologies
• Administer and monitor intrusion detection, file integrity, endpoint protection, log management and SIEM solutions
• Integrate security tools using a wide variety of data sources that use various protocols
• Design, build, and maintain environment-specific rules, alerts, and dashboards in SIEM tooling via custom queries
• Consult with clients to customize and configure SIEM tools in order to meet security and compliance requirements
• Communicate alerts to team members and clients related to security anomalies in the environment
• Participate in on-call rotations as needed to support client operational needs that may lay outside of business hours

Knowledge and Skills:

• BS or above in related Information Technology field or equivalent combination of education and experience
• 4+ years of experience in 24x7x365 production security operations
• 4+ years of experience administering and operating security tooling such as SIEM, IDS, and endpoint protection
• 4+ years of hands-on technical experience supporting cloud operations and automation in Azure, AWS, and/or GCP
• Experience with ITSM solutions such as Jira and ServiceNow
• Certifications such as Splunk Enterprise Certified Admin/Splunk Power User or ELK/Sentinel/Google SecOps Certification.
• Proven experience configuring, implementing, and supporting SIEM components deployed in the Cloud
• Knowledge of scripting languages such as Python
• Understanding of regular expression and query languages
• Practical experience in administration of Linux infrastructure.
• Experience in Information Security with a focus on incident response and security engineering
• Experience analyzing events or incidents to triage the issue, find the root cause through log and forensic analysis, and determine security vulnerabilities, attacker exploit techniques, and methods for their remediation.
• Experience developing playbooks, run books, troubleshoot technical issues, and recognize and identify patterns
• Experience with AWS and vendor SaaS Integrations
• Experience with automation, building security, and/or deploying tools
• Proficiency with infrastructure as code, such as Terraform
• Excellent communication, organizational, and problem-solving skills in a dynamic environment
• Effective documentation skills, to include technical diagrams and written descriptions

Compensation:

• Medical, dental, vision, 401(k) Plan. 
• Time off: PTO, sick, holiday,
• $115,000 - $125,000 (5-10% annual bonus)

Keywords: security engineer, log, log management, splunk, sentinel one, sentinel. security operations, scripting, siem, xdr, endpoint protection, incident response, incident management, rules, tools, dashboards