Security Operations Engineer
About The Role
The IT Security team is responsible for the oversight and execution of a "cloud-first" Information Security, Business Continuity and Risk Management programs to support our business goals. This includes, but is not limited to security operations, vulnerability and patch management, incident response, disaster recovery, business continuity, risk identification and mitigation planning / implementation, identity management, network security, privacy, and compliance.
The role of Security Operations Engineer reports directly to the lead of Security Operations and is part of the office of the CISO. This role is accountable for the architecture, engineering, and automation of in-house security platforms including the Microsoft Sentinel SIEM and associated SOAR tooling. The ideal candidate will have deep technical expertise in the Microsoft security stack and have demonstrated excellence in the development of security automation across domains such as alert triage, response, as well as other security processes such as patch and vulnerability management. They will also work extensively with various IT teams to define appropriate log ingestion, data enrichment, alerting and response actions via the SIEM/SOAR platform. They will also support the Security Operations Center (SOC) for advanced SIEM queries and analytic alerts.
- Technical lead and owner of all Security Operations tooling including SIEM / SOAR platforms across a variety of companies
- Envision and plan short and long term SIEM and automaton improvements
- Drive creation and implementation of SIEM content (e.g. rules, alerts, dashboards, etc.)
- Ensure better analytics via SIEM - improve signal-to-noise ratio in SIEM content
- Design and implementation of automation for alert enrichment, common detections closure, and response actions
- Integration with the external SOC provider to optimize the partnership and improve detection and response capabilities
- Consolidation of data sources across many Microsoft tenants, systems, and companies into a single source for consolidation of Security Operations procedures
- Partnering with various IT organizations to design and implement security monitoring across all core business applications
- Maintenance of all Security Operations tooling to ensure high availability of all log sources
- Partnering with Security Analysts to enhance Security Operations procedures as well as incident response
- Consolidation and automation of Security Operations Metrics from various sources
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 3-6 years in a security related engineering role
- 2-4 years of SIEM/SOAR Engineering Experience
- Deep technical understanding of Microsoft Sentinel, Log Analytics, Defender, and other Microsoft security tooling
- Demonstrated excellence is the area of security automation
- Proficiency with programming and scripting languages (KQL, Python, Powershell)
- Proficiency with Microsoft Power Apps, Azure Functions, Logic Apps, and other Microsoft automation tooling
- Proficiency in API development with the goal of integrating security tooling
- Familiarity with various log ingestion methodologies into a SIEM environment.
- Familiarity with automated development lifecycles and pipelines (DevOps)
- Familiarity with Cisco security tooling including Meraki and Umbrella
- Experience in multi-tenant or MSP like environments a plus
- Possession of or ability to obtain professional certifications in information security or risk management, such as a CISSP, CISM, CEH, or forensic certifications.
- Self-starter who demonstrates strong ownership of their domain and can benchmark the current state, propose improvements, and implement with little supervision
- Natural passion for security and strong drive to automate common tasks
It is impossible to list every requirement for, or responsibility of, any position. Similarly, we cannot identify all the skills a position may require since job responsibilities and the Company's needs may change over time. Therefore, the above job description is not comprehensive or exhaustive. The Company reserves the right to adjust, add to or eliminate any aspect of the above description. The Company also retains the right to require all employees to undertake additional or different job responsibilities when necessary to meet business needs.
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
Benefits & Perks
- Time Off: 20 days of PTO for full-time employees and 12 company holidays.
- Summer Fridays: July 4th through Labor Day, the office is completely closed/offline every other Friday.
- Company Paid Benefits: Life insurance, Short-term disability, Long-term disability, Paid parental leave, Employee Assistance Program, and medical insurance in our high deductible health plan.
- Optional Employee Paid Benefits: Medical insurance in our EPO plan, Dental benefits, and Vision benefits. We also offer Health Savings Accounts, Flexible Spending Accounts, Supplemental Life insurance, and more.
- 401(k): Eligible after 60 days. Discretionary company match of 50% up to the first 6% of contributions.
EQUAL OPPORTUNITY EMPLOYER
ALCORITY IS AN EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER. THE COMPANY'S POLICY IS NOT TO DISCRIMINATE AGAINST ANY APPLICANT OR EMPLOYEE BASED ON RACE, COLOR, RELIGION, NATIONAL ORIGIN, GENDER, AGE, SEXUAL ORIENTATION, GENDER IDENTITY OR EXPRESSION, MARITAL STATUS, MENTAL OR PHYSICAL DISABILITY, AND GENETIC INFORMATION, OR ANY OTHER BASIS PROTECTED BY APPLICABLE LAW. THE FIRM ALSO PROHIBITS HARASSMENT OF APPLICANTS OR EMPLOYEES BASED ON ANY OF THESE PROTECTED CATEGORIES.