The Senior Security Operations Engineer will participate in establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected. As an East West Bank employee, the senior engineer will be part of a growing and stable organization that provides career path development opportunities while serving a growing and profitable market. The Senior Security Operations Engineer will work with senior members of the team to enhance and mature the security operations program.
- Monitor AV/EDR/IDS/IPS solutions for incidents, threat hunt for malicious activity, generate incidents, and triage as needed on a 24x7 basis.
- Adhere to service level agreements (SLAs), metrics and business scorecard obligations for ticket handling of security incidents and events.
- Lead incident management and response activities as a member of the bank’s incident management team. Assist in triage, response and mitigation, postmortem analyses, and forensic analysis.
- Configure and tune AV/EDR/IDS/IPS and apse solutions to improve detection and reduce noise.
- Evaluate SOC policies and procedures and recommend updates to management as appropriate.
- Assist in creating correlation rules to enhance detection via the SIEM platform.
- Assist in penetration testing efforts including coordinating, testing, reporting, and remediation of findings.
- Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
- Lead vulnerability management remediation efforts, including analyzing findings from network scanners and application security tools.
- Under the direction of the Information Security Team Lead, develop strategies and plans to achieve security requirements and address identified risks.
- Assist in the development of security architecture and security policies, principles and standards.
- Gather, analyze and assess the current and future threat landscape, and assist in providing leadership with a realistic overview of risks and threats in the enterprise environment.
- Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
- Perform security testing and vulnerability assessments to identify security strengths and weaknesses, to assess the effectiveness of existing controls, and to recommend remedial action.
- Review audit trails, system logs and other monitoring data sources regularly and ensure they are in compliance with policies and audit requirements.
- Assist in monitoring and investigating DLP incidents and in tuning the DLP solution.
- Mentor junior members of the security operations team.
- Experience leading incident response activities.
- In-depth knowledge of risk assessment methods and technologies.
- Experience with IDS/IPS/SIEM and related security tools and technologies such as Splunk, Splunk ES.
- Experience with Vulnerability Management and network scanners.
- Experience with Cloud workload and monitoring solutions.
- Proficient use of various tools and techniques, including risk, business impact, control and vulnerability assessments, used to identify business needs and determine control requirements.
- Excellent technical knowledge of Office 365 and Microsoft Windows operating systems and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware solutions, automated policy compliance, logging and filtering tools, and desktop security solutions.
- Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.
- Experience in system and application technology security testing, including static and dynamic code review, vulnerability scanning and penetration testing.
- Familiarity with router and firewall operations and maintenance.
- Ability to interact with personnel at all levels and across all business units / organizations, and to understand business imperatives.
- Strong knowledge of all core internet protocols (e.g., TCP/IP, DNS, SMTP, HTTP, etc.).
- Experience working with security tools such as SIEM, vulnerability scanning, laptop data encryption, endpoint data protection, Data Loss Prevention and Classification, application pen testing, WAFs, Cloud Workload Monitoring.
- Experience with Linux is a plus.
- An undergraduate degree is required, preferably engineering related.
- Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
- Analytical and problem-solving mindset.
- Highly organized and efficient.
- A Bachelor’s degree is required, preferably in an engineering related field.
- 7-10 years of IT and network security experience.
- Preferred, but not required: CISSP.