SecOps Engineer

Description

Under the guidance of the CISO, the SecOps Engineer helps to design and build security solutions and put tools into place to secure and protect enterprise systems and information. These security solutions typically require regular maintenance, so SecOps engineers must keep them working and get them back up to speed when an issue arises. Security engineers are also responsible for deploying new security software and hardware, and regularly updating it as needed. When a breach occurs SecOps engineers must investigate to determine the root cause. As part of root cause analysis, the SecOps engineer can help write and distribute reports of their findings (known as postmortems) to share with key decision makers about how to improve security practices moving forward to prevent similar breaches.

Want more jobs like this?

Get Software Engineering jobs in Miami, FL delivered to your inbox every week.

Get Jobs

Send me The Muse newsletters for the best in career advice and job search tips.

By signing up, you agree to our Terms of Service & Privacy Policy.

• Oversee and develop our SOC processes and tools including ITSM workflows
• Manage 3rd party solution providers for SOC (Falcon Overwatch and Rapid7 MIDR today or outsourced in the future)
• Oversee SOC and SIEM solutions (ex. Rapid7, Palo Alto, Microsoft Sentinel)
• Oversee vulnerability management program and assist with patching operations as directed (ex. Crowdstrike Spotlight, ManageEngine Patch Manager Plus, WSUS, Tanium[TM1] , Microsoft Endpoint Manager)
• Conduct Annual testing of the Incident Response Plan (tabletops) and participate as member of IR response team
• Monitor activity from all security solutions (Crowdstrike, Rapid7, etc.) and record actions and processes
• Assist with troubleshooting security solutions as directed
• Manage and oversee 3rd party managed service providers to ensure alignment to established SLA's
• Develop and review oversight reporting (AD changes, GPO changes, etc.)
• Monitor alerts from various security solutions
• Oversee and assist in development of secure CI/CD and "shift left" security capabilities
• Implement and maintain on-prem, datacenter and cloud cybersecurity monitoring solutions through native tools, third party tools and custom API integration to extend monitoring and response capabilities into those environments.
• Create and maintain key metrics that are indicative of the security posture of Intermex infrastructure and resilience readiness.
• Keep abreast of threat intelligence feeds to stay abreast of industry reports and emerging threat that may affect Intermex.
• Be able to configure and enable compliance and configuration policies for MDM and endpoint management solutions.
• Investigate intrusion attempts and perform in-depth analysis of exploits by correlating various sources and determining which system or data set is affected.
• Follow standard operating procedures for detecting, classifying, and reporting incidents.
• Conduct proactive threat research by analyzing a variety of network and host-based security appliance logs to determine the correct remediation actions and escalation paths for each incident.
• Independently follow procedures to identify, contain, analyze, document and eradicate malicious activity.
• Document all activities during an incident and provide leadership with status updates during the life cycle of the incident. Provide written analysis for reports to be presented to stakeholders on an as-needed basis.
• Assist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions.
• Collaborate with Intermex Cybersecurity Team to ensure that all Intermex controls are met by providing audit and continuous monitoring artifacts to compliance as required.
• Key participant in internal/external meetings to discuss product security certification strategy, efforts, and results supporting face to face meetings & calls.