Security Operations Engineer

The Security Operations Engineer position will be part of the managed services team in a 24x7x365 Security Operations Center (SOC). The SOC is responsible for detecting network intrusion attempts, investigating security events, and responding to threats using our proprietary platform and tools. The Security Operations Engineer will evaluate network, endpoint, and authentication activity on customer networks to find risks and threats, and define mitigation strategies. In addition, the engineer will develop, implement, and enhance customer detection rules to better respond to threats identified in customer environments.

Submit your resume to hello@uncommonx.com.

Responsibilities Include:

  • Ability to clearly articulate technical requirements on behalf of the Managed Security Services team. This requires an understanding of the workflow and processes, and a deeper understanding of the technical details
  • Identify technology and/or configuration gaps in customer environments to aid in improving their security posture
  • Develop, implement, and enhance customer detection rules, integrations, parsing logic, dashboards, and automations within a custom Elastic-based platform
  • Manage endpoint protection solutions in customer environments, evaluating deployment health and continuous improvement opportunities

NOTE: This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for their job. Duties, responsibilities, and activities may change at any time with or without notice.

Key Competencies:

  • 3+ years of experience specifically related to Information Security, Network Security, or Cyber Security
  • 2+ years of experience in content development (rules, reports, dashboards, integration, normalization, etc.) within SIEM platforms
  • Experience working in a Managed Security Services organization, engineering, security incident response teams, or security analytics disciplines
  • Excellent communication skills, both written and verbal
  • Excellent analytical, problem-solving, and prioritization skills
  • Have technical competency in three (3) of the following, and be at minimum a resourceful generalist in the rest:
    • Networking – common protocols, server/client infrastructure, routers, switches, WAPs, etc.
    • Perimeter – firewalls, IDS, IPS, UTM, WAF, gateways, proxies, mail servers, etc.
    • Authentication – AD, SSO, MFA, etc.
    • Endpoint – MDM, EDR, EPP, AV
    • SaaS – collaboration tools including O365, GSuite, Box, Salesforce, Workday, etc.
    • SIEM Technologies – Elastic Stack, Splunk, Google Chronicle, LogRhythm, RSA, etc.
  • Know how to use one or more scripting tools and languages such as Python, Bash, and PowerShell

Educational/Certification Requirements/Assets:

  • Undergraduate Degree in Business, Engineering, or Computer Science, or equivalent experience
  • Experience with security operations and the delivery of managed security services