Security Engineer

• To support the Technical Solutions Team in defending, responding, reporting, mitigating, and restoring enterprise systems before, during and after any attempts at exploitation. As Security Engineer, your role will vary at times depending on the missions and threats. You may work on different projects (simultaneously) together with colleagues from your own department, but also with other departments. Your daily routine tasks will be focused on being an escalation point and support for the team. You will work with a variety of customers: governments, the SME sector, large companies, service providers and non-governmental organizations.

Key Accountabilities

1. Responsible for sustained support of all delivered mission-specific IT equipment (hardware and software), including customized and standalone IT equipment to ensure availability.
2. Manage SIEM and security related devices such as Firewall, IDS, EDR and DLP.
3. SIEM Engineering, SIEM use case development and SOAR development.
4. Manage and operate cloud based security products and solutions.
5. Ensure the health of data sources feeding into the SIEM or other security related tools, such as system logs, application logs, firewall logs, packet captures.
6. Assist with assessments and forensic analysis when directed.
7. Creation of dashboards, reports and correlation rules/use cases.
8. Collaborates with the SOC team to ensure the organization's systems are operational and secure.
9. Collaborates with SOC team to plan, create and deploy the tools needed to achieve objectives.
10. Assist in the development of internal operational architecture, tools, and procedures for ways to improve performance.
11. Collaborate with development organizations to create and deploy the tools needed to achieve objectives.
12. Work in shift, or on-call to cover 24/7 window.
13. Provide monitoring support where necessary.

Requirements:

1. A bachelor degree in a related field (IT, engineering) is preferred.
2. At least 7 years of relevant work experience in cybersecurity.
3. Good knowledge of network and security tools such as Microsoft Azure Sentinel, Nagios/Zabbix, Splunk, Juniper SRX, Cisco ASA, Palo Alto, Fortigate and Security Onion.
4. Strong knowledge of IT ticketing systems, case management tools such as TheHive or Resilient.
5. Strong understanding of network and system architectures, HLD and LLD.
6. Strong experience in or expert knowledge of TCP/IP, Mitre ATT&CK and Cyber Kill Chain.
7. In-depth knowledge on security devices and applications such as DLP, Endpoint Security (Microsoft Defender, Carbon Black EDR, Velociraptor), Firewalls as well as authentication services like ACL, TACACS, RADIUS.
8. Strong understanding of Change Management and Incident handling.
9. Working knowledge of NIST Security Control Standards.
10. Desired certifications are: CEH, GCIA, CCNA, CCNP, ITIL.