100% Remote
Contract to hire
Conversion: $120-130k
SOC/SIEM Engineer for Cloud Operations
Position Description:
Security Engineer / SOC Analyst with a primary focus on monitoring, analyzing, developing, and maintaining, dashboards and alerts to identify and report on SIEM activity.
The candidate will be responsible for administering, configuring, and monitoring the SIEM solution to maintain and improve the security posture of our Cloud operations. The candidate will possess solid experience in the SOC/SIEM domain in accordance with the NIST 800-53 security framework. The candidate will be responsible for being able to communicate and report status in a concise, summarized, and effective manner to management.
The position also requires technical skills and experience in a Linux environment and a demonstrated working knowledge of Linux OS, automation, and troubleshooting.
Candidate must be a U.S. Citizen living in the US. Work is 100% remote so must be able to work independently while maintaining close and effective relationships with the entire team. Work is fast paced in a rapidly evolving environment. This is a tremendous opportunity to work and collaborate with highly talented people.
Essential Responsibilities:
Use Sumo Logic in daily operational work, which includes but is not limited to administering, operating, and managing the SIEM solution, and the regular activities that ensure the health of log sources, parsers, alerts, reports, etc., so that the solution operates as planned.
Develop content for a growing SIEM infrastructure. This includes dashboards, reports, rules, filters, trends, and alerts.
Monitor Sumo Logic to assess, prioritize, escalate, and manage potential operational and security events. Activities include:
Respond to security incidents
Conduct threat analysis
Evaluate cybersecurity alerts
Document incidents and review reports
Provide detailed reports for management
Correlate events and activities to create threat scenarios, in order to get ahead of threat actors and reduce exposure.
Participate in incident response functions across the cloud environment in accordance with NIST 800-53 requirements/controls.
Interpret threat intelligence into actionable security actions across tools such as firewall, IPS and malware detection across multiple security vendor platforms.
Continuously track and resolve security incidents and collaborate with cloud operations and ISSM for resolution and suggest areas for improvement.
Plan, manage, and document the reports for Incident Response testing/validation exercises.
Manage, Support, and document activities for Annual Assessments, Significant Change Events.
Must have extensive knowledge of any SIEM solution like QRadar, Splunk, ELK, SumoLogic, etc.
Working knowledge and experience with SumoLogic a plus
Must have working knowledge of malware detection solutions such as CrowdStrike, McAfee/Trellix, TrendMicro, Symantec, etc.
Ideal Candidate will have demonstrated experience and knowledge of the following:
Experience building custom connectors/parsers, etc., to include logs from IT assets that are not supported out of the box by Sumo Logic.
System security and SIEM implementation experience
SOC daily operational monitoring, alerting, and escalation
In-depth experience and understanding of Security Event Management, both from a technology/tool and a process perspective.
Demonstrated knowledge of TCP/IP networking and major protocols such as: HTTP, SSL/TLS, DNS, SMTP
Demonstrated experience and expertise with several of the following technology competencies: SIEM, vulnerability scanning tools, File Integrity Monitoring, Data Loss Protection, etc.
Development of security scripts in Linux / Windows environments for automated detection and scanning.
Network stream analysis using packet capture/reconstruction.
Experience executing on NIST Incident Response Frameworks
Current knowledge of security threats, solutions, security tools and network technologies
An understanding of information security and compliance regulations (NIST, ISO 27001, GDPR)
Demonstrated ability of effective problem-solving and troubleshooting of technical issues.
Fluency in English, written and spoken, is necessary.
Excellent documentation skills
Ability to work independently and as a collaborator.
Education & Qualifications:
2 to 5 years as a SOC/SIEM Engineer
Bachelor’s Degree in an IT related discipline
In lieu of certifications, at least 2 years of information security, auditing, or risk management EXPERIENCE