Senior Cyber Security Operations Engineer
We are currently seeking a Sr. Security Operations Engineer for our Cloud Security team. As part of this dynamic group, you will be the blue team expert responsible for monitoring, detection, and response activities regarding security vulnerabilities, threats, events, and alerts within the AWS and GCP public clouds. You will report to the Director of Cloud Security and will be a key member in shaping the future of our business.
You will make an impact by being responsible for:
- Monitor, analyze, and investigate security logs, events, and alerts from a variety of devices and platforms, including but not limited to SIEM, IDS/IPS, container security agents, WAF, OS logs, and AWS and GCP platform logs
- Identify gaps in visibility and in the detection of attacks and malicious events, and work towards improving SOC maturity for AWS and GCP
- Lead projects to ingest new log sources and build SIEM content, including new rules and filters as needed to improve context, visibility, and correlation
- Provide subject matter expertise in security threat analysis, hunting, detection, and response across Automation Anywhere’s SaaS cloud environments, and build IR runbooks and automated workflows
- Take part in Security Incident Response Team (SIRT) activities, helping SIRT detect, respond to, contain, and recover from security incidents in a timely manner
You will be a great fit if you have:
- 5+ years of experience in security operations, threat detection, threat hunting, or incident response, including triaging cyber security alerts, events, and incidents
- Excellent understanding of, and ability to investigate, threat campaign techniques, lateral movement, command-and-control (C2) communications, and indicators of compromise (IOCs)
- At least 3 years of hands-on experience with a SIEM (a cloud-native SIEM preferred): querying raw logs, tuning, analyzing and investigating alerts, and writing content and correlation rules
- Minimum 3 years of experience in security analytics, correlation, tuning, and analyzing and investigating alerts from multiple security tools; network packet analysis; and log analysis (Windows, Linux, web / load balancer, AWS CloudTrail / GuardDuty, GCP Security Command Center, etc.)
- Familiarity with at least one public cloud platform (AWS or GCP) and working knowledge of its IaaS platforms and services (VPC, EC2/Compute, EKS/GKE, S3/Cloud Storage, RDS/Cloud SQL, GuardDuty/Security Command Center, etc.)
- Experience developing SOC operations playbooks, IR runbooks, security orchestration, and automated response processes
- Thorough understanding of the threat and attack landscape for networks and web applications, current attack vectors, the MITRE ATT&CK framework, and the Cyber Kill Chain, and how they can be used in detection and prevention
- Security certifications such as CISSP, CEH, OSCP, GSEC, GCFA, GCIH, GCIA, CHFI, or AWS certifications are highly desired
- Degree in Computer Science or related field or equivalent combination of professional development training and experience
You excel in these key competencies:
- Excellent verbal and written communication skills and ability to document and explain technical details and incident reports clearly and concisely
- Agility and willingness to deal with a high level of ambiguity, change, and pressures of high-profile incidents
- Flexibility—willingness to pitch in where needed across program and team
- Strong leadership, influence, and teamwork skills; sound problem resolution, judgment, negotiating, and decision-making skills
- Solid knowledge of cloud solutions and security best practices for operating in the cloud
- Strong knowledge of industry standards, vulnerability classifications, and attack vectors
- Experience working effectively with global teams in multiple time zones
Why Automation Anywhere?
At our company each person brings their unique talents to work as a team and make a difference. As the leader in Robotic Process Automation (RPA), we provide a very compelling product where our teams are breaking new ground every day and given an environment to grow their skills and have fun along the way. Our technology is the game changer, and our people give us the edge to better our world and go be great!
Automation Anywhere is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
All unsolicited resumes submitted to any @automationanywhere.com email address without HR/Recruiting approval, whether submitted by an individual or by an agency, will not be eligible for an agency fee.