Cybersecurity Engineer Job Description Template

The Cybersecurity Engineer will be part of a team tasked with detecting security threats across all of our customers. The ideal candidate will have extensive hands-on technical experience delivering use cases and detection rules for multiple attack vectors, as this role focuses on ingesting data from multiple IaaS, PaaS, and SaaS services to support customers’ SIEM technologies. You will conduct attacks against our own detection methods to continually test and improve our services, and you will lead the incident response process, providing support 24 hours a day, seven days a week. You will also direct R&D projects centered on innovation and new features that improve customer service. Daily collaboration with other team members is required; an innovative, forward-thinking mindset and strong teamwork are both necessary for success in this position.

Typical Duties and Responsibilities

  • Develop detection methods to identify potential threats and take appropriate countermeasures
  • Research and develop new integrations to keep pace with the constantly evolving threat landscape
  • Ensure that customer data is properly enriched and validated across multiple technologies
  • Develop detection rules to support our SOC’s alerting and response capabilities
  • Develop scripted automation of manual SOC processes and detection through machine learning
  • Maintain threat intelligence databases in AWS
  • Improve and identify any gaps in the incident response process for customers
  • Develop innovative, scalable tools, offensive security techniques, and processes that increase the team’s velocity and reach
  • Conduct attack & defend exercises in conjunction with threat intelligence research to enhance new and existing use cases based on newly discovered exploits and TTPs
  • Implement and execute administrative, management, and lifecycle procedures for the SIEM
  • Protect and manage customers by taking ownership of their security requirements
  • Lead incident response engagements
  • Lead and mentor other cybersecurity team members and create training on new features and products
  • Communicate both orally and in writing the risks that exist and the necessary corrective actions for any security incident
  • Work collaboratively and autonomously on unique or special projects that may require specialized knowledge and/or experience

Education

  • Bachelor’s or higher degree in cybersecurity, information security, or a related field, or equivalent experience

Required Skills and Experience

  • 4+ years of experience in intrusion detection, analysis, incident management, information technology, or a security-related discipline
  • Strong understanding of AWS and Azure IaaS offerings and their various services
  • Solid understanding of AWS Lambda functions
  • Expertise in machine learning and artificial intelligence
  • Expertise in developing parsers and SIEM correlation rules to detect new threats beyond the capabilities of current systems
  • Expertise with Windows, Unix, and Linux operating systems
  • Knowledge of OSI layers, network protocols (IP, ICMP, TCP, UDP), network services (DNS, DHCP, HTTP), and routing protocols
  • Knowledge of threat intelligence in order to interpret IOCs and translate them into SIEM alerts
  • Experience with IDS & IPS
  • Expertise in regular expressions, Python, PowerShell, and Bash
  • Practical knowledge of cloud architectures such as AWS or Azure
  • Strong background in security, security platforms, and incident detection

Preferred Qualifications

  • CompTIA Security+ or Network+ certification is desired
  • CEH, CCNA, and AWS accreditations are highly preferred

Recruit with Nexus IT Group