The role of the Security Operations Engineer is to design, implement, and uphold engineering security systems and architecture to ensure the Confidentiality, Integrity, and Availability of highly sensitive data, aligning with security processes and procedures set forth by the Security Officer. The Security Operations Engineer will collaborate closely with developers, quality assurance engineers, database administrators, and IT staff to define and document risk analysis, protocols, and procedures for information systems or custom software they create.
Requirements The Security Operations Engineer should demonstrate proficiency and experience in employing various security systems, including but not limited to: Next-Generation Anti-Virus and Anti-Malware systems like CrowdStrike, Vulnerability Management tools such as Tenable or Nessus, Data Loss Prevention, Endpoint protection, Server and workstation hardening, Network and Email security. Proficiency in basic scripting languages like Python and bash/shell scripting is necessary. Experience in fortifying Linux and Windows servers, as well as Docker hosts and container images, is a must. Familiarity and ease in using security tools provided by Platform as a Service provider Amazon Web Services (AWS) like AWS Config, CloudWatch Insights, Network Access Control Lists, etc., is expected. The Security Operations Engineer should possess a working knowledge of creating and maintaining a Security Information and Event Management system, including building use cases and alerts for security events. Working knowledge of participating in Threat Hunting, Incident Response Teams, and utilizing Threat Intelligence sources is crucial. Effective communication with both technical and non-technical team members, along with the ability to document their thoughts and security processes when addressing technical security issues, reporting, and evaluating current risks and security posture is essential.
Roles and Responsibilities
The Security Operations Engineer is responsible for:
1
Implementing and Maintaining Security Information and Event Management: a. Ensure ingestion of logs from all information systems, custom-developed software, network assets, and third-party Software as a Service tools. b. Ensure appropriate parsing of ingested logs to facilitate custom use cases and creation of security event alerts. c. Create security events and alerts based on common use cases such as brute force attacks, unauthorized access, data exfiltration, and anomalies, etc.
2
Administration, Implementation, and Management of Vulnerability Management: a. Install and maintain the Nessus agent on all information systems running Windows, Linux, or MacOS operating systems. b. Create and regularly schedule scans for vulnerability and malware on information systems. c. Perform internal network scans using Nessus to evaluate and produce reports along with remediation strategies.
3
Reviewing Results and Security Scan Reports: a. Participate and provide feedback in Code Reviews affecting the security of cloud infrastructure resources before merging any code and creating infrastructure on AWS, such as Security groups, VPC, Route Tables, Network Access Control Lists, AWS Account Settings, ensuring Encryption in transit and at rest is implemented for systems that store or transmit highly sensitive data. b. Ensure that all software projects implement static source code analysis tool SonarQube. c. Ensure that scanning rules for Python, Java, and JavaScript programming languages in SonarQube are up to date and reasonable to reduce the likelihood of threats due to not following secure coding best practices. d. Review scan results in SonarQube and provide remediation input to software source code authors when necessary. e. Ensure that all Terraform projects implement the infrastructure as code scanning tool TFSec. f. Ensure that infrastructure as code appropriately uses TFSec ignore rules when there aren't security concerns or the risk is being transferred to another resource in some capacity. g. Review TFSec scan results in Concourse and provide remediation input to infrastructure as code authors when necessary.
4
Conduct Thorough Risk Analysis: a. Produce an inventory of information systems used across the entire organization. b. Produce an inventory of internally developed software and integrated solutions used in product offering. c. Review the security architecture and produce an Internal Risk Analysis document for each one of the internally developed components of the ESP product offering.
5
Review and Approve Third-Party Software Usage: Review and approve any third-party software requested to be used or installed by staff on workstations or servers.
6
Define and Enhance Security Posture: a. Stay up to date on the latest cybersecurity threats using Threat Intelligence sources. b. Ensure appropriate policies and procedures for operations tasks that pose any security risk.
7
Regular Meeting Participation: Regularly attend and provide input in team huddle, planning, testing, and sign-off meetings.
8
Security Responsibilities: a. All Workforce members will implement and act in accordance with the organization's information security policies. b. All Workforce members will protect assets from unauthorized access, disclosure, modification, destruction, or interference; execute particular security processes or activities; ensure responsibility is assigned to the individual for actions taken; and report security events or potential events or other security risks to the organization.
