posted Jun 26

Senior Security Engineer - Heartland (Remote)

AWS Azure Cloud Cyber Security DNS Google Cloud Platform Python senior

Job Location: Remote

Job Description

• GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions and minimize risk
• The Senior Security Engineer is responsible for the setup of security alerting tools and technologies (SIEM, IDS/IPS, anti-malware, etc.) and of security orchestration, automation and response (SOAR), and must be able to translate indicators of compromise (IOCs) into actionable alerts with automated response
• Constantly look to improve the speed, effectiveness and quality of security alerting to identify threats faster and stop them from achieving their objectives
• Help the SOC transform manual processes into automated playbooks inside the SOAR platform
• Build behavioral analytics to detect insider threats
• Engage with other aspects of Technical Operations, including ticketing, monitoring, and detection tools
• Create detection logic tailored to the enterprise threat landscape using industry-specific intelligence, and develop use cases, dashboards, and policies
• Work closely with the Security Analysts to automate the collection of supporting information for alert analysis and the resulting defensive response
• Respond to high-priority requests for information and custom detections from key partners
• Manage and update Threat Operations procedures and workflows/playbooks
• Become a subject matter expert in the customers' high-value assets and targets
• Build novel monitoring and alerting playbooks to address potential targeted attacks
• Perform other security operations necessary for continuous monitoring and triaging of the platform

Qualifications

• Minimum 3 years' experience in SOC operations, building dashboards and custom data analysis for threat detection
• 1+ years of scripting experience; Python strongly desired
• Demonstrated analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation, and the ability to learn and adapt quickly
• Knowledge of how common protocols and applications work at the network level, including DNS and HTTPS
• Experience using the Linux command line interface (CLI)
• Experience managing or developing detection logic for enterprise SIEM systems
• Experience with exploitation techniques and use case development
• Experience with IOC datasets and formats (e.g., YARA, OpenIOC, STIX)
• Experience deploying to and leveraging cloud environments (AWS, Azure, GCP) to extend operational capabilities
• Strong knowledge of network monitoring and network exploitation techniques, including the MITRE ATT&CK technique framework and other common attack vectors

Benefits

• Remote workforce primarily (U.S. based only; some travel may be required for certain positions; working on-site may be required for Federal positions)
• 100% employer-paid medical premiums (employee only; $0 deductible and HSA plans) along with 75% employer-paid family contributions
• 100% employer-paid dental premiums (employee only) along with 75% employer-paid family contributions
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option
