Sr Security Engineer at Alexander Technology Group
Lynn, MA
About the Job
The Incident Response Lead plays a pivotal role within the Security Operations team, acting as a strategic leader in managing responses to sophisticated security threats. This position involves planning and refining the incident management framework, driving initiatives to enhance the organization’s cybersecurity posture, and fostering a culture of continuous improvement and resilience. The role also includes collaborating with stakeholders at all levels to effectively communicate incident management processes and updates.
MAJOR RESPONSIBILITIES:
- Conduct thorough analyses of security data, providing actionable recommendations for improvements to the security network while ensuring effective communication of issues and solutions to both technical and non-technical audiences. This includes addressing daily reported issues from internal users.
- Investigate adversarial Tactics, Techniques, and Procedures (TTPs), and create innovative detection and prevention strategies across various environments, with a focus on the organization's SIEM solution.
- Monitor alerts and events from firewalls, SIEM systems, IDS, and networking devices to systematically identify security vulnerabilities and determine their root causes using a methodical approach.
- Collaborate with senior engineers and technology leadership to define and implement security-driven process enhancements.
- Develop and maintain comprehensive security documentation, including security architecture diagrams, procedural guides, and organizational security standards.
PROBLEM SOLVING & DECISION MAKING:
The Incident Response Lead must demonstrate strong problem-solving and decision-making skills to effectively navigate the complexities of the role. The individual will need to coordinate and make critical decisions in high-pressure and ambiguous scenarios. This includes daily operational decisions and collaborating with senior management to tackle broader issues impacting the organization.
REQUIREMENTS:
Education and Experience:
- Bachelor’s degree or equivalent combination of education and experience.
- 5+ years of experience in security engineering, with at least 3 years in a security-focused role.
- 1-2 years of experience with Azure.
- Familiarity with project management methodologies in large-scale enterprise and service provider environments.
Skills/Knowledge:
- Comprehensive understanding of:
  - Computer forensic analysis
  - Firewall technologies
  - SIEM configuration and content development
  - IP networking (TCP/IP and packet analysis)
  - IPS/IDS attack methodologies
  - Two-factor authentication systems
  - Scripting languages such as PowerShell or Python
- Knowledge of Linux and Windows system administration is advantageous.
- Ability to synthesize diverse data points across multiple technical and business domains.
- Highly analytical, organized, and self-motivated.
- Capable of making complex recommendations to management.
- Proficient in leading and coordinating solutions for intricate issues.
- Expertise in managing complex security incidents with a robust understanding of the evolving cybersecurity landscape and threats.
- Excellent organizational and planning skills to manage multiple projects and priorities effectively.
- Experience implementing new security tools in large-scale environments.
- Relevant certifications such as CISSP, GPEN, CEH, and other network security qualifications are preferred.
- Advanced knowledge in designing and managing complex next-gen firewall infrastructures, including firewall, IPsec VPN, IPS/IDS, and advanced networking technologies.
- Strong communication skills to convey technical information clearly and effectively to a variety of audiences.
- Ability to build strong relationships and alliances within the organization.
- Proficient in accurately translating and producing technical information for a general audience.
ATG456