Lead Information Security Engineer
Wells Fargo
AnsibleCloudFirewallsTerraform
Lead Cybersecurity Engineer
Cox Enterprises
full-time
Posted on:
Location Type: Hybrid
Location: Atlanta • North Carolina • 🇺🇸 United States
Visit company websiteSalary
💰 $119,600 - $199,400 per year
Job Level
Senior
Tech Stack
AWSAzureCloudCyber SecurityFirewallsLinuxPython
About the role
- Oversee and manage daily SOC operations, ensuring priorities and quality objectives are consistently met
- Lead incident triage and response efforts, reviewing and addressing escalated security events from Tier I/II analysts
- Direct technical activities across all phases of the incident response process: detection, assessment, containment, eradication, and recovery
- Conduct forensic analysis on compromised systems and coordinate with third-party resources as needed
- Perform in-depth incident analysis by correlating data from multiple sources to identify root causes and impacts
- Document and communicate findings, producing comprehensive after-action reports for the security team
- Develop and execute threat hunting strategies across the organization to proactively identify and mitigate threats
- Recommend and implement improvements to enhance the effectiveness and efficiency of threat intelligence, incident response, and scalability
- Lead technical incident response efforts, ensuring clear and active communication among stakeholders
- Collaborate with engineering teams to optimize enterprise monitoring platform configurations for effective threat detection and response
- Drive continuous evaluation and integration of monitoring platform configurations to enhance SOC capabilities and support efficient operations
- Partner with Security Engineering teams to enhance features and capabilities within existing security tools
- Execute projects under the guidance of Cyber Defense Leadership
- Train and mentor junior analysts, fostering their professional growth and development
- Develop, implement, and mature SOC policies and procedures to ensure robust security operations
- Stay informed on emerging threats and technologies, continuously adapting SOC strategies to address evolving security challenges
- Perform additional tasks and duties as directed by the CSOC Manager
Requirements
- Bachelor’s degree in a related discipline and 6 years’ experience in a related field (the right candidate could also have a different combination, such as a master’s degree and 4 years’ experience; or 18 years’ experience in a related field in lieu of degree)
- 6+ years of technical experience in the information/cyber security field
- 2+ years of direct experience in an Incident Response role in large enterprise environments
- Experience in the application of Incident Response methodologies
- Strong knowledge and experience with the Windows and Linux operating systems
- Working knowledge of cloud technologies such as Amazon, Azure, and Google
- Experience using Python, PowerShell or equivalent automation and enrichment technologies
- Experience with Microsoft Graph API and KQL
- Strong knowledge of network protocols, web servers, authentication mechanisms, anti-virus, and server applications
- Ability to execute under pressure
- Ability to perform independent analysis, distill relevant findings and root cause
- Ability to communicate complex ideas clearly and effectively using written and verbal communication
- Preferred: Cloud technology experience and associated incident response techniques
- Preferred: Ability to perform forensics on Windows endpoints
- Preferred: Experience with endpoint security agents (Microsoft Defender, CrowdStrike etc.)
- Preferred: Experience with threat hunting in cloud environments
- Preferred: Azure, AWS, GPC experience
- Preferred: Experience with Fortinet, Palo and Juniper firewalls
- Preferred: Experience with network forensics and associated toolsets, (Suricata, WireShark, PCAP, tcpdump, etc.) and analysis techniques
- Preferred: Experience automating response operations through SOAR, Logic Apps, Defender Live Response or similar technologies
- Preferred: Industry certification such as GCIH, CCIA, GIAC, CISSP, or CISM
Benefits
- The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company’s needs, and its obligations
- Seven paid holidays throughout the calendar year
- Up to 160 hours of paid wellness annually for their own wellness or that of family members
- Additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave
- Health care insurance (medical, dental, vision)
- Retirement planning (401(k))
- Paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO)
- Flexible Work Option Hybrid - Ability to work remotely part of the week
- Position may be eligible for additional compensation that may include an incentive program
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
incident responseforensic analysisthreat huntingWindows operating systemLinux operating systemPythonPowerShellMicrosoft Graph APIKQLnetwork protocols
Soft skills
communicationindependent analysisexecuting under pressurementoringcollaborationleadershipproblem-solvingadaptabilitydocumentationtraining
Certifications
GCIHCCIAGIACCISSPCISM
