As a Senior Security Operations Engineer, you are responsible for cybersecurity continuous monitoring and security monitoring strategy, reviewing and modifying log ingestion as required to align logging efforts with incident response use cases, ensuring those use cases are supported, and participating in cyber incident response.
This position must operate in a rotation/shift regime.
Key Responsibilities:
- Serves as a subject matter expert on logging and monitoring activities in support of cyber legal and administrative investigative efforts.
- Provides second and third-level support and analysis during and after a security incident.
- Monitors reports and security logs for unusual events.
- Works closely with and provides guidance/direction to the Managed Security Service and Security Operations Center.
- Maintains and implements a roadmap to expand log management to additional sources.
- Reviews log management and alerting solution to enhance current capabilities to classify and prioritize anomalous activity based on the criticality of potential impact on systems and data.
- Enhances data analytics and reporting functionality to allow near-real-time reporting, data filtering, data enrichment, and data correlation.
- Expands database auditing and monitoring capabilities for all critical databases to include those used by Community Connect partners.
- Assists in the development of security policies and procedures.
- Participates in security investigations and compliance reviews as assigned by management.
- Assists in the development and deployment of information security awareness training and communication capabilities.
- Responsible for operating, maintaining, and supporting various security tools as assigned by management (e.g., DLP, CASB, PAM, SIEM).
- Collaborates with other security and infrastructure team members to identify and implement solutions.
- Works with business partners in resolving security-related infrastructure outages.
Requirements
- A minimum of 3 years of experience in 24x7x365 Security Operations environments.
- Strong knowledge of cloud security and monitoring tools (AWS and Azure).
- Strong knowledge of DLP, CASB, SIEM, PAM, and secure API gateways.
- Must possess expert troubleshooting skills.
- Operational execution of Security Operations technologies.
- Experience analyzing cloud user traffic, identifying anomalous activity, and specifying areas to strengthen protection of cloud data and applications.
- Assists in the development and maintenance of DLP, CASB, and cloud security strategies, policies, standards, and procedures. This includes requirements and restrictions for cloud application and storage use, monitoring and, where appropriate, blocking data leaving the environment, and ongoing tracking/monitoring of cloud access activities within the enterprise environment.
- A degree in Information Technology, Computer Science, or a related field.