Tier 3 Systems Engineer - Security Lead

Posted 14 days ago, Philippines

Job Description

The Tier 3 Systems Engineer – Security Lead will be responsible for providing real-time incident response and threat hunting within their production cloud environment. The candidate will report to senior management and collaborate and lead other customer teams including security operations, operations engineers, and analysts. 

Role Description 

The candidate will manage escalations from other analysts, further analyzing possible and confirmed security threats. The position requires the ability to prioritize and triage incoming requests. 


Job Responsibilities:

While operations roles bring new challenges every day, example responsibilities include: 

  • Respond to cloud incidents promptly and effectively, minimizing downtime and disruption 
  • Proactively hunt for potential threats in the customer's cloud environment, using a variety of tools and techniques 
  • Assist with containment of threats and remediation of environment during or after an incident 
  • Collaborate with customer technical staff and complementary teams including global security management team, security operations, and other incident response teams 
  • Develop and implement incident response and threat hunting strategies, response procedures, and best practices 
  • Continuously learn and stay updated about new cloud technologies, threats, and best practices 
  • Provide technical support and guidance to other team members as needed. 
  • Analyze logs and ensure appropriate monitoring and alerting are in place and effective for responding to potential security incidents 
  • Contribute to relevant documentation such as runbooks and procedures 
  • Keep an accurate record of work in project management tracking systems 
  • Deliver timely and detailed documentation related to any incident including the findings, review and follow-up activities 
  • Assist with forensics investigations 
Requirements

  • Communicate effectively in written and verbal English
  • At least 2 years of experience in an information technology role
  • At least 2 years of experience with security analysis or forensics on popular virtual machine operating systems such as Windows, Linux, or Unix
  • At least 1 year of operations experience supporting a production cloud environment
  • Proficiency with at least one of AWS, Google Cloud, or Azure, and eagerness to learn the others
  • Experience analyzing, investigating, and responding to security incidents in the cloud
  • Understanding of network fundamentals, common Internet protocols, and APIs
  • Strong understanding of cloud architecture and security principles
  • Strong communication skills and the ability to work effectively in a team
  • Ability to review and follow checklists and guidance for best security practices

Preferred Qualifications

The ideal candidate will have one or more of the following qualifications: 

  • GIAC Certified Incident Handler (GCIH), GIAC Cloud Threat Detection (GCTD), GIAC Cyber Threat Intelligence (GCTI), GIAC Cloud Forensics Responder (GCFR), or similar
  • Professional cloud architect or security specialty certifications (AWS, GCP, or Azure)
  • Familiarity with an enterprise SIEM such as Splunk, Chronicle, or Sentinel
  • Familiarity with XDR security tools such as CrowdStrike Falcon or SentinelOne
  • Familiarity with multi-cloud security tools such as Wiz or Orca
  • Familiarity with security orchestration, automation and response (SOAR) tools such as Phantom (Splunk), Chronicle, or Cortex
  • Experience with Python or bash scripting
  • Understanding of common cloud network infrastructure, including firewalls and security groups, routing, VPNs, and DNS within the cloud

We are looking for more than technical skills! 

Security operations delivery isn’t just about tech chops. The ideal candidate for this position will: 

  • Communicate effectively in written and verbal English
  • Possess excellent problem-solving skills and the ability to work under pressure 
  • Embrace continual change and the opportunity to improve 
  • Enjoy working to solve problems through research, critical thinking, experimentation, and knowledge sharing with the team 
  • Patiently explain technical concepts to both technical and non-technical personnel 
  • Proactively identify areas for internal improvement and lead internal process development efforts 
  • Efficiently work in a self-directed, independent capacity  
  • Possess a willingness and passion to provide guidance and professionally develop associate consultants
  • Demonstrate the ability to work collaboratively with different geographic and functional groups
  • Hold an undergraduate degree or technical certification in Computer Science, Computer Engineering, Management Information Systems, or a related STEM-based curriculum
  • Have experience or certification in Computer Systems Security, Network Security, Security Policy Management, or User Identity Management

NOTE: Candidates from all disciplines are encouraged to apply, as we recognize many viable paths to success