Security Operations Engineer
About the Role:
As a member of the Cloud Security team, a successful Security Operations Incident Response Engineer will need to be self-sufficient and able to collaborate effectively with multiple teams, such as Application Support, Infrastructure Operations, DevOps, and Product R&D. A diverse engineering skill set will be necessary to support a challenging set of responsibilities that go beyond event monitoring and incident investigation: security policy enforcement, continuous and on-demand system compliance auditing, and producing security and compliance metrics and reports, as well as helping other teams resolve security gaps and understand security best practices. You will have to be proficient in at least one scripting language to develop your own tools, and you will also need a hands-on, analytical approach to finding and implementing any third-party tools that may help you achieve your goals.
- Development of SIEM rules, dashboards and reports, liaising with system owners and Product R&D on the required event quality and data content.
- Security policy auditing and enforcement across multiple disciplines (both in Public Cloud consoles/components and also in Private Cloud and on-premise network, server, database environments).
- Automate security metric collection and audit artifact generation to support both real-time security and annual compliance audits, and to detect and alert for non-compliant and alien assets.
- Help Cloud Operations move towards a software-defined security model where all compliance requirements, across all layers - hardware, data center infrastructure, software, third-party cloud, etc. - are fully centralised, software-defined, automated and monitored for their effectiveness.
- Take the lead on investigation and research when appropriate, and be able to mentor team members.
- Working in a geographically distributed team in different timezones, demonstrating excellent written and verbal communications, interpersonal skills, persistence, and an attention to detail.
- Holder of certifications relevant to the role such as CCSP, CISSP, CEH, OCSP, CCNA/CCNP, AWS Certified Security, etc.
- Thorough understanding of cloud assurance and compliance frameworks - e.g. CSA, SCAP, CloudAudit, GRC XML, ISACA's Cloud Computing Management Audit/Assurance Program, etc.
- Thorough understanding of various compliance frameworks and the ability to implement their requirements - e.g. SSAE18, FedRAMP, CSA, PCI, ISO27K, NIST, etc.
- Broad technical understanding across Information Security (e.g. Incident Response, Intrusion, Attack Monitoring, Networks, Threat and Vulnerability Management) with strong hands-on technical experience.
- Experience designing, implementing, and maintaining SIEM-related controls with at least one major SIEM tool. Sysadmin experience with various enterprise operating systems and containers - including Amazon Linux, CentOS, Windows Server Core, RHEL, Docker, Amazon EKS, etc.
- Minimum of 3-5 years' experience managing AWS and/or Azure environments through API. Deep understanding of related security event feeds (CloudTrail, VPC Flow logs, Netflow logs, Cisco ASA and Palo Alto firewall logs, F5 ASM and Sophos UTM logs, etc.).
- Experience with Terraform, Git, Puppet, Chef, Ansible, and similar configuration and code management systems and tools.
- Experience with Security-as-a-Service and other third-party vendors and their APIs - e.g. Splunk, CrowdStrike, Rapid7, etc.
- Programming/scripting experience on Linux. Python preferred, Windows PowerShell experience is a plus.
- Programming tasks will involve code-based interaction both with web-based UIs and infrastructure provisioning tools. Must be a self-starter and be able to learn technologies quickly.
NICE Systems is an Equal Opportunity/Affirmative Action Employer, M/F/D/V.
NICE is committed to providing an environment based on equal opportunity for all qualified applicants and employees. It is the policy of NICE to afford equal employment opportunities to qualified individuals, regardless of age, race, color, creed, religion, citizenship, ancestry, national origin, sex, gender, pregnancy, mental or physical disability, marital status, veteran status, service in the Armed Forces, sexual or affectional orientation, atypical hereditary cellular or blood traits, genetic information, status as a victim of domestic or sexual violence, and/or any other status protected by any applicable federal, state and/or local statute or regulation.