Senior Security Operations Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Overview: As a Senior Security Operations Engineer, you will be an integral part of Qualys SOC (Security Operation Center) and CSIRT (Cyber Security Incident Response Team) contributing to the day-to-day activities aimed at governing entire incident management lifecycle from incident monitoring, triaging, analyzing, and responding to security incidents. This role requires a solid understanding of security technologies, incident triage/investigation & incident response, and a proactive approach to identifying and mitigating potential threats. You will leverage advanced cybersecurity tools and techniques to monitor and secure Qualys infrastructure/systems, Qualys Cloud Platforms, respond to alerts, investigate potential threats, and proactively work for mitigation of identified cyber threats/incidents. At the same time, you will be responsible for providing expert guidance to other SOC engineers in the team and working closely with SOC/CSIRT leadership to improve the organization’s security posture. Key Responsibilities: Security Monitoring and Analysis: Proactively monitor security systems, SIEM platforms, various security tools, analyze logs, network traffic, system events and incident alerts for signs of malicious activity or policy violation. Conduct incident triage, build incident investigation hypothesis, incident response approach. Investigate and respond to alerts, ensuring a timely and effective resolution. Review the triggered incident and analyze the incident tickets created by SOC level 1 engineers for correct incident classification, categorization, setting up security permission, false positive validation and finetuning etc. Must be familiar with various log sources and investigation approach depending on various kinds of incidents. Should understand the correlation between log sources as needed for investigation. Analyze network and host activities associated with both successful and unsuccessful intrusions by threat actor's basis perimeter security logs. Should have experience in correlating malware infections with attack vectors to determine the extent of security and data compromise. Monitor SIEM and other security tools alerts for anomalous or suspicious activity; research alerts and make recommendations to remediate concerns. Analyze, correlate and action on data from subscription and public cyber intelligence services, develop tactics to combat future threats, and follow the Incident Response Plan for required response. The ability to perform analysis of log files from multiple different devices and environments and identify indicators of security threats. You will be responsible for assisting all junior SOC engineers related to incident monitoring, investigation and response. Incident Response: Participate in incident response activities, assisting in the identification, containment, eradication, and recovery from security incidents. Run incident response calls with help of CSIRT lead/manager via incident warroom and bridge call to other incident resolution teams. Document incident response activities along with entire incident timelines and contribute to post-incident reports. Threat Detection & Analysis: Analyze logs, security events, and network traffic for anomalies and indicators of compromise (IOCs). Perform forensic analysis on potentially compromised systems using in-house digital forensic lab. Conduct sandbox analysis and obtain report for various malicious code/payloads identified in case of infected systems. Security Tool Management: Configure and manage security tools such as Endpoint Detection and Response (EDR), Endpoint Protection Platforms (EPP), File Integrity Monitoring (FIM), Application Control (Whitelisting/Blacklisting) on endpoints etc. Identify different attack patterns (IOA - Indicator of Attacks) in security logs which can cause harm to our system. Work with SIEM ... (truncated, view full listing at source)