Descripción del puesto

We’re looking for a Security Engineer to join and help grow our team. Our Security Operations team is tasked with monitoring and protecting the company from an ever growing number of security risks, as well as finding new and creative ways to do so. Having a strong focus on engineering and innovation, we are seeking individuals who love to find new problems and hate fixing the same problem twice.

Location: Mexico

Responsibilities:

• Work closely with the cyber security organization to build monitoring and response tooling and processes to improve our monitoring and response capabilities.
• Logging: Get all security relevant cloud, infrastructure and application logs parsed and into our SIEM.
• Detection:
  • Set up detection and prevention rules and policies.
  • Perform Proof of Concept (POC) and deploy tools that help with detection.
  • Tune and audit deployed rules and policies in security tools on true and false positives.
  • Set up detection frameworks, threat intel framework/program, and ATO detection program/framework, among others. .
• Response:
  • Build plan and procedures for Incident Response.
  • Create playbooks to be followed, automate responses, develop/deploy malware analysis tools and techniques, forensic techniques to capture evidence/malware, POC and deploy tools that help with response,.
  • Collaborate with customer service teams and engineering teams, among others.
• Monitoring and Analysis:
  • Build security alerts and dashboards in various incident response tools.
  • Monitor for suspicious activities/alerts in the cloud, infrastructure or applications from various sources such as internal reports from employees as well as external reports such as customers/social media, vendors, partners, or bug bounty programs, and deployed/integrated security tools, data visualization tools.
  • Analyze these suspicious activities/alerts including malware analysis and forensics.
  • Respond to security alerts and incidents, including novel issues, and take appropriate action to remediate and resolve.

Requisitos

Requirements:

• 5+ years experience working in cyber security operations.
• Thorough understanding of the threat landscape, the latest security trends, attack vectors for corporate and cloud environments, and how to build detection and response tooling to identify and respond to malicious actors.
• Experience with building and scaling SOAR/SIEM technologies.
• Experience with incident detection and remediation.
• Strong working knowledge of threat vectors, vulnerabilities, and what anomalies to look for.
• Strong working knowledge of Linux and/or Windows logs & indicators.
• One or more scripting languages to automate or build features (Python, or PowerShell preferred).
• Hands-on experience with incident response and monitoring tools, such as SIEM, EDR, and Firewall Management.
• Excellent communication skills, especially the ability to communicate security risks in “business” rather than purely “engineering”.
• Strong understanding of cyber security best practices and frameworks such as NIST, MITRE, ATT&CK Framework, and OWASP Top 10.