Security Operations Engineer

LeadStack Inc.

CA, San Jose

Job Summary

Responsible for responding to cyber-security incidents generated from existing security controls. This role is part of a new team in charge of event monitoring protocols, event correlation rules, incident response playbooks, and other controls needed to increase productivity of the security operations team. Additional responsibilities include creating operational metrics, identifying and communicating changes to existing processes and procedures, as well as collaborating with internal and external teams.

Responsibilities:

- Work with the Cyber Security Architect and IT Operations team to secure our IT infrastructure.
- Perform Tier-1 tasks on Information Security technologies, to maintain and manage configuration standards and to adapt to new threats.
- Support Security Administration, Configuration, and Management of existing security technologies, software, and solutions.
- Work on Cyber Security projects providing technical support and guidance to IT teams.
- Fine-tune existing technologies to ensure optimal performance and improved detection/prevention capabilities.
- Analyze and validate Cyber Security alerts, provide detailed reports on resolution, and follow up with relevant teams to closure.
- Perform incident response by conducting advanced computer and network forensic investigations.
- Develop and manage threat hunting across different areas of the network, for proactive detection of anomalous events and possible intrusions/attacks.
- Stay up to date with the current threat landscape and devise countermeasures for any applicable threats across the network infrastructure.
- Document existing security controls and run books, and update them at regular intervals.
- Assist with identification of new security controls and work on POCs with multiple vendors.



- Bachelor's degree in a related field, or equivalent demonstrated experience and knowledge.
- 1-3 years' experience as a Security/Network Administrator, or equivalent knowledge.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language (PL/SQL) and other injection attacks, race conditions, covert channels, replay, return-oriented attacks, malicious code).
- Experience in other network infrastructure security technologies (DLP, IDM, SIEM, Proxy, IDS/IPS, Firewalls, PKI, Multifactor authentication, etc.) is a plus.
- Knowledge of various security methodologies and processes, and technical security solutions.
- Knowledge of TCP/IP protocols, network analysis, and network/security applications.
- Knowledge of common Internet protocols and applications.
- Must be adaptable, focused, and accountable.
- Excellent verbal and written communication skills.