SecOps Engineer II (SIEM)

Details of the offer

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients' hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world. But that's not who we are – that's just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

Position Summary

As a SecOps Engineer II at Coalfire within our Managed Services group, you will be a self-starter, passionate about cloud security, and thrive on problem-solving. You will provide strategy, leadership, and operational support of Security Operations processes for clients with regulatory compliance requirements. The Managed Services team is responsible for configuring, managing and updating security tools (SIEM / EDR) in our client environments and performing triage of security alerts. You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor vulnerabilities and recommend remediation or resolution.
What You'll Do

- Provide 24x7x365 security monitoring for multiple clients while working closely with SREs and product teams
- Work across a myriad of technology stacks in leading cloud providers like AWS, Azure, and GCP
- Analyze security events using logs and open-source knowledge to determine whether they are legitimate or false positives
- Maintain a record of security monitoring activities via case management and ticketing technologies
- Administer and monitor intrusion detection, file integrity, endpoint protection, log management and SIEM solutions
- Integrate security tools using a wide variety of data sources that use various protocols
- Design, build, and maintain environment-specific rules, alerts, and dashboards in SIEM tooling via custom queries
- Consult with clients to customize and configure SIEM tools in order to meet security and compliance requirements
- Communicate alerts related to security anomalies in the environment to team members and clients
- Apply technical writing skills to create formal documentation such as analytical reports and briefings
- Develop and maintain standard operating procedures and training materials
- Participate in on-call rotations as needed to support client operational needs that may lie outside of business hours
- Conduct testing and data reviews to evaluate the effectiveness of current security and operational measures and ensure compliance requirements are being met
- Assist with administration and maintenance of the SIEM, log management, and data analytics platform
- Conduct system health checks on managed technologies and provide recommendations on performance improvements
- Schedule and run regular technical changes such as version updates, security patches, and major software releases, following best practices for change management policies and procedures
- Aid with customer-initiated requests such as log source configuration, app installation, data parsing, and use case development, and troubleshoot complex issues for managed technologies
- Create and maintain standard operating procedures, technical documents, and troubleshooting guidelines for security solutions
- Configure and troubleshoot managed security devices
- Develop technical solutions to automate repeatable tasks
- Provide overall guidance, instruction, and leadership to SOC analysts
- Open and follow up on tickets and customer requests with third-party vendors
- Utilize tools and analytical skills to investigate the root cause of issues across the technologies
- Areas of responsibility will include onboarding new data sources, developing alerting, developing run books, conducting security investigations, responding to incidents, and deploying security solutions in a rapidly growing environment

What You'll Bring

- BS or above in a related Information Technology field, or an equivalent combination of education and experience
- 4+ years of experience in 24x7x365 production security operations
- 4+ years of experience administering and operating security tooling such as SIEM, IDS, and endpoint protection
- 4+ years of hands-on technical experience supporting cloud operations and automation in Azure, AWS, and/or GCP
- Experience with ITSM solutions such as Jira and ServiceNow
- Certifications such as Splunk Enterprise Certified Admin/Splunk Power User, or ELK/Sentinel/Google SecOps certification
- Proven experience configuring, implementing, and supporting SIEM components deployed in the cloud
- Knowledge of scripting languages such as Python
- Understanding of regular expressions and query languages
- Practical experience in administration of Linux infrastructure
- Experience in information security with a focus on incident response and security engineering
- Experience analyzing events or incidents to triage the issue, find the root cause through log and forensic analysis, and determine security vulnerabilities, attacker exploit techniques, and methods for their remediation
- Experience developing playbooks and run books, troubleshooting technical issues, and recognizing and identifying patterns
- Experience with AWS and vendor SaaS integrations
- Experience with automation, building security, and/or deploying tools
- Proficiency with infrastructure as code, such as Terraform
- Excellent communication, organizational, and problem-solving skills in a dynamic environment
- Effective documentation skills, including technical diagrams and written descriptions
- Ability to work independently and as part of a team with a professional attitude and demeanor

Bonus Points

- Previous experience mentoring or managing consultants in a professional services organization
- Previous experience supporting 24x7x365 security operations for a SaaS vendor
- Examples of industry-influencing material development, such as whitepapers, blogs, research papers, or guidance
Compensation

$71,000 - $122,689 a year

The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.

Why You'll Want to Join Us

At Coalfire, you'll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you'll work most effectively – whether you're at home or an office. Regardless of location, you'll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You'll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you'll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity are integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at ******** .


Source: Grabsjobs_Co

Built at: 2024-11-02T14:51:50.261Z