Security Operations Engineer
HIPAA, HITRUST or other healthcare compliance experience required
AWS, Terraform, Security
The SecOps Engineer must demonstrate proficiency and experience with a variety of security systems, including but not limited to: next-generation anti-virus and anti-malware systems such as CrowdStrike; vulnerability management tools such as Tenable or Nessus; data loss prevention; endpoint protection (Netskope); server and workstation hardening; and network and email security. They must have experience with Terraform and with basic scripting in Python as well as bash/shell. They must have experience hardening Linux and Windows servers as well as Docker hosts and container images. They must be familiar and comfortable with the security tools offered by the current platform-as-a-service provider, Amazon Web Services, such as AWS Config, DataDog, CloudWatch Insights, Network Access Control Lists, etc.

The SecOps Engineer must have working knowledge of creating and maintaining a Security Information and Event Management (SIEM) system, including building use cases and alerts on security events, and working knowledge of threat hunting, participating on incident response teams, and using threat intelligence sources. They must be able to communicate clearly with technical and non-technical team members, document their reasoning and security processes when solving technical security issues, and report on and evaluate current risks and security posture.
The SecOps Engineer is responsible for:

1. The implementation and maintenance of the Security Information and Event Management (SIEM) system. This includes, but is not limited to:
   1. Ensuring that logs from all information systems, custom-developed software, network assets and third-party Software-as-a-Service tools are ingested.
   2. Ensuring that ingested logs are parsed appropriately so that custom use cases and security event alerts can be created.
   3. Creating security events and alerts based on common use cases such as brute force attacks, unauthorized access, data exfiltration and anomalies, etc.

2. Administration, implementation and management of vulnerability management tools. This includes, but is not limited to:
   1. Installing and maintaining the Nessus agent on all information systems running Windows, Linux or macOS operating systems.
   2. Creating and regularly scheduling vulnerability and malware scans on information systems.
   3. Performing internal network scans using Nessus to evaluate and produce reports along with remediation strategies.

3. Reviewing results and security scan reports produced by security tools running in the software development lifecycle (SDLC):
   1. Participating and providing feedback in code reviews that affect the security of cloud infrastructure resources (such as security groups, VPCs, route tables, Network Access Control Lists and AWS account settings) before any code is merged and infrastructure is created on AWS, to ensure that encryption in transit and at rest is implemented for systems that store or transmit highly sensitive data.
   2. Ensuring that all software projects implement the static source code analysis tool SonarQube.
   3. Reviewing scan results in SonarQube and providing remediation input to software source code authors when necessary.
   4. Ensuring that all Terraform projects implement the infrastructure-as-code scanning tool TFSec.
   5. Ensuring that infrastructure as code uses TFSec ignore rules appropriately, only where there is no security concern or the risk is being transferred to another resource in some capacity.
   6. Reviewing TFSec scan results in Concourse and providing remediation input to infrastructure-as-code authors when necessary.

4. Performing thorough risk analysis of internally developed software and of third-party software used in internal operations and in the product offering:
   1. Producing an inventory of information systems used across the entire organization.
   2. Producing an inventory of internally developed software and integrated solutions used in the product offering.
   3. Reviewing the security architecture and producing an Internal Risk Analysis document for each internally developed component of the product offering.

5. Reviewing and approving any third-party software that staff request to use or install on workstations or servers.

6. Defining and continuously improving the security posture:
   1. Staying up to date on the latest cybersecurity threats using threat intelligence sources.
   2. Ensuring that there are appropriate policies and procedures for operations tasks that pose any security risk.

7. Regularly attending and providing input in team huddle, planning, testing and sign-off meetings.

8. Security responsibilities. All workforce members will:
   1. implement and act in accordance with the organization's information security policies;
   2. protect assets from unauthorized access, disclosure, modification, destruction or interference;
   3. execute particular security processes or activities;
   4. ensure that responsibility is assigned to the individual for actions taken; and
   5. report security events, potential events or other security risks to the organization.