Security Engineer - SOC/Incident Response and Vulnerability Management
Summary
The Security Engineer will be a key contributor to the organization's Cybersecurity Program, focusing on maintaining the confidentiality, integrity, and availability of information assets. This role requires expertise in security operations, incident handling, and vulnerability management, with a hands-on approach to protecting the enterprise and executing documented security procedures.
Key Responsibilities
Security Operations & Incident Response (IR)
- Execute and support documented procedures for the Incident Response (IR) process.
- Participate in security incident handling, including initial triage, analysis, and basic remediation steps.
- Work closely with the Managed Security Service Provider (MSSP) and the Security Operations Center (SOC) on alert investigation and threat analysis.
- Utilize Endpoint Detection and Response (EDR) tools to assess and investigate threats and stop malicious activity on endpoints (servers, desktops, laptops).
- Support business continuity and act as an escalation point for incident response decisions.
- Maintain and update operational runbooks and incident response procedures.
Vulnerability Management (VM)
- Execute and support documented procedures for the Vulnerability Management (VM) process.
- Conduct ongoing security assessments of infrastructure, identifying misconfigurations and producing remediation reports for corrective action.
- Manage OS and firmware patching across client environments to maintain security baselines and reduce vulnerability exposure.
- Ensure compliance with patching Service Level Agreements (SLAs), including patching Critical Severity (CVSS 9.0-10.0) vulnerabilities within 24 hours of release, and High Severity (CVSS 7.0-8.9) within 15 calendar days of release.
- Support monthly vulnerability scans and log monitoring activities.
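The patching SLAs above are the kind of rule a vulnerability management engineer ends up encoding in a tracker, so here is an added worked example (not part of the posting, and not any vendor's tooling) that maps CVSS base scores to the posting's severity bands and checks each finding against its deadline. It assumes the SLA clock starts at the vendor's fix release time, that all timestamps are UTC, and that Medium and Low findings carry no SLA because the posting defines none; the finding IDs and dates are constructed sample data, not real CVEs.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# SLA windows from the posting: Critical (CVSS 9.0-10.0) within 24 hours of
# release, High (CVSS 7.0-8.9) within 15 calendar days. Medium/Low have no
# SLA on the page, so they get no deadline here (assumption).
SLA_WINDOWS: Dict[str, timedelta] = {
    "Critical": timedelta(hours=24),
    "High": timedelta(days=15),
}


def severity_for(cvss: float) -> str:
    """Map a CVSS base score to the posting's bands; 9.0 and 7.0 are inclusive."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"  # band boundaries below High are an assumption
    return "Low"


@dataclass
class Finding:
    finding_id: str          # constructed placeholder, not a real CVE
    host: str
    cvss: float
    released: datetime       # vendor fix release time; SLA clock starts here
    patched: Optional[datetime] = None  # None means still open


def sla_deadline(f: Finding) -> Optional[datetime]:
    window = SLA_WINDOWS.get(severity_for(f.cvss))
    return None if window is None else f.released + window


def sla_status(f: Finding, now: datetime) -> str:
    """Return 'met', 'breached', 'open' (still inside the window) or 'no_sla'."""
    deadline = sla_deadline(f)
    if deadline is None:
        return "no_sla"
    if f.patched is not None:
        return "met" if f.patched <= deadline else "breached"
    return "breached" if now > deadline else "open"


def sla_report(findings: List[Finding], now: datetime) -> Dict[str, Dict[str, int]]:
    """Per-severity counts of met/breached/open for findings that carry an SLA."""
    report = {sev: {"met": 0, "breached": 0, "open": 0} for sev in SLA_WINDOWS}
    for f in findings:
        status = sla_status(f, now)
        if status != "no_sla":
            report[severity_for(f.cvss)][status] += 1
    return report


# Constructed sample data: an evaluation time and five findings that exercise
# the band boundaries (9.0, 8.9, 7.0, 6.9) and each status path.
NOW = datetime(2024, 6, 20, 12, 0, tzinfo=timezone.utc)
UTC = timezone.utc
FINDINGS = [
    Finding("F-001", "web01", 9.8, datetime(2024, 6, 19, 0, 0, tzinfo=UTC),
            patched=datetime(2024, 6, 19, 20, 0, tzinfo=UTC)),   # met
    Finding("F-002", "db01", 9.0, datetime(2024, 6, 18, 0, 0, tzinfo=UTC)),  # breached, still open
    Finding("F-003", "app02", 8.9, datetime(2024, 6, 10, 0, 0, tzinfo=UTC)),  # open, due 2024-06-25
    Finding("F-004", "fs01", 7.0, datetime(2024, 6, 1, 0, 0, tzinfo=UTC),
            patched=datetime(2024, 6, 17, 0, 0, tzinfo=UTC)),    # breached, patched late
    Finding("F-005", "jump01", 6.9, datetime(2024, 5, 1, 0, 0, tzinfo=UTC)),  # no SLA
]

if __name__ == "__main__":
    for f in FINDINGS:
        print(f.finding_id, f.host, severity_for(f.cvss), sla_status(f, NOW))
    print(sla_report(FINDINGS, NOW))
```

Two details matter in practice: the deadline is computed from the release timestamp rather than from when the scanner first reported the finding, so a scan that runs monthly can surface a Critical that is already breached; and the band edges are inclusive, so an 8.9 is High and a 9.0 is Critical, which is where a sloppy comparison would misfile a finding.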
Cybersecurity Program Support
- Monitor, manage, and maintain the overall Cybersecurity Program as directed.
- Collaborate with managed security partners (CrowdStrike, Palo Alto) on continuous improvement processes for detection and response metrics (MTTD and MTTR).
Required Technical Skills and Experience
- Proven experience in a Security Operations Center (SOC) or a similar security role.
- Hands-on experience with Endpoint Detection and Response (EDR) solutions.
- Expertise in using CrowdStrike (specifically the Falcon Complete suite) for endpoint protection and security incident handling.
- Familiarity with Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) platforms such as Palo Alto Cortex XDR.
- Experience with patching and vulnerability assessment tools.
- Knowledge of industry frameworks such as the NIST Cybersecurity Framework and the Center for Internet Security (CIS) Critical Security Controls.