Senior Engineer - Enterprise Security Operations
The Senior Engineer - Enterprise Security Operations supports the CSL Information Security Program in the key areas of information threat detection, response and remediation, as part of a team of security operations professionals. The focus of this engineering position is to assist with level 3 incident response activities and forensics analysis, and to participate in the development, implementation and operation of all preventative and detective security controls and reporting. This position reports to the Senior Manager, Security Operations. With some guidance, this engineer is a key contributor to the technical and operational success of the overall Information Security Program and leads security incident response and forensics activities while learning the skills to become a leader in these activities.
- This position reports to: Senior Manager, Enterprise Security Operations
- Role/s reporting to this position: None.
Main Responsibilities and Accountabilities
1) Supports and assists to improve the CSL Global Information Security Program and the Enterprise Security Operations programs.
2) Participates in the development, operations, and improvement of the CSL Continuous Monitoring Program, Security Information and Event Management (SIEM), all related tools and processes.
3) Responds as the technical support for detected security threats, contributes to the coordinated management of the response activities, and develops incident reports as part of a 24x7 security operations team.
4) Provides technical expertise and response activities, while collaborating with vendor-supplied technical support and other subject matter experts.
5) Participates as technical security support and coordinates with technical teams to respond to, continually assess, and improve these security operations:
- Computer Incident Response / Forensic Event Analysis
- Email Threat Filtering Management
- Endpoint and Antivirus Management and Response
- Next Generation Firewalls / Intrusion Detection and Protection
- Sandbox and Threat Analysis
- SIEM Management and Log Management
- Vulnerability Management
- Web Filtering Management
6) With some guidance, provides on-demand and scheduled investigations of security threats and compromised systems.
7) Collaborates on security controls and tool efficacy analysis, and provides feedback on areas of improvements for strategic attention.
8) Participates in the development of the Enterprise Security Operations team, and helps to grow its capabilities, experience and expertise.
9) Contributes to security reports, dashboards and alerts to create an overall situational awareness of the threats to CSL.
10) Supports the development of metrics and reporting to provide continuous improvements for all Security Operational controls and processes.
11) Reviews and supports the enhancement of all Security Policies, Procedures, Guidelines and Standards.
12) Utilizes available training, peer knowledge transfer and other publicly available curriculum to continually improve subject matter expertise and professional development.
Bachelor’s degree or equivalent experience. Educational concentration in a computer-based discipline (e.g. Computer Science, Information Systems) or a technical discipline (e.g. Engineering, Mathematics) is preferred.
- CISSP/ISC2, GIAC, ISACA or related technical security certifications are desirable.
- Security appliance, scripting/programming, and/or operating system certifications are desirable.
- 7+ years of experience in IT or an applicable function that directly aligns with the specific responsibilities for this position.
- 5+ years of experience working with complex, large-scale technical environments.
- 5+ years of professional experience in Information Security or related work experience.
- Data security
- Incident response and security forensics
- ISO and NIST security frameworks implementation
- Work in a controlled regulatory or pharmaceutical environment
- Work within a global, matrix management organization
- Work in an international, 24x7 environment
- Communicates Effectively
- Manages Complexity
- Plans & Aligns
- Situational Adaptability
- Manages Ambiguity
The level of core competencies will be based on level of role.
Candidate will have expertise and significant skills in two or more of the following technical disciplines:
- Secure integration and implementation
- Data Encryption
- Data Loss Prevention / Protection
- Security certificates
Penetration and Vulnerability Testing
- Metasploit, Kali, SIFT and related security testing tools experience is a plus
- Scripting/programming proficiency, including VB, Perl, Python, and/or PowerShell, is a plus
Security Information and Event Management (SIEM)
- QRadar or other SIEM experience
- Log management
- Process-oriented incident response skills
- Email threat management
- Next generation firewalls – Palo Alto
- Network Access Control – Aruba ClearPass
- Orchestration and Automation
- Zscaler cloud-based proxy
General Security Knowledge
- Experience with information privacy and security laws (covering such items as data breaches, safe harbor, records management and structured/unstructured data management) is a plus
The level of core skills will be based on level of role.