Security Engineer II: Detection Engineer

San Antonio, TX, United States

Responsibilities:

Our Partners thrive The H-E-B Way . As a Security Engineer II: Detection Engineer you would have a

HEART FOR PEOPLE you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams

HEAD FOR BUSINESS you have an ownership mentality and a consistent track record of timely delivery of high-quality software

PASSION FOR RESULTS the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions.

This position is responsible for developing content and maintaining the reports, alerts, correlation, and triggers for security tool sets, based on data and feedback supplied by Digital Security Operations Center (DSOC) analysts. A deep understanding of security tools is required.

When a DSOC senior analyst requires a piece of information, the system administrator will collaborate with a security engineer to perform the integration, collection, or configuration to receive those pieces of data. This role supports Cyber Fusion Center threat management, Digital Foundational Technology operations, CFC DSOC incident response & DSOC detection engineering efforts.

ROLE

Analyzes and investigates security alerts and helps tune and improve notables.

Integrates SIEM with upstream data sources by automating data ingestion.

Manages large data sets including creating and organizing indexes.

Completes projects and tasks associated with security monitoring, detection, incident response, and security program initiatives.

Develops and documents standard operating procedures and best practices.

As a part of the Cyber Fusion Center, Threat Management & Security Engineering, this position will coordinate with other CFC DSOC team members as well as Digital Foundational Tech (infrastructure) teams to create system connections to collect logs and implement data correlations, & lookup tables.

Develop and implement customized alert and reporting based on DSOC analysts requests

Perform or lead orchestration and automation activities (SOAR) to integrate security tools that support DSOC processes.

Support log aggregation and log retention activities, developing custom solutions when necessary

Support analytics, tuning, and maintenance of endpoint and network security sensors

Work closely with other DSOC team members, threat Intelligence analysts or providers, and other Digital Security teams to improve security platforms or tools for consumers of security operations and investigations

REQUIRED

Minimum of two (2+) years of administrating networked environments, development and support experience with SIEM platforms in medium to large enterprises.

Understanding of security issues and technologies for desktop, virtual, cloud services, and network infrastructures.

Must have in-depth knowledge of operating systems and IT infrastructure, while possessing a detailed technical understanding of log collection, security technologies, firewall rules, computer privileges, and databases. Basic operating system administration, knowledge of common network protocols, and overall familiarity with scripting are necessary skills to improve automation and efficiency.

Experience in IT systems and security policies, standards, industry trends, and techniques.

Experience working with hybrid cloud infrastructure.

Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).

Working knowledge of Python, Golang, JavaScript, PowerShell, Perl, or *nix Shell scripting (multiple).

Experience with published standards, guidance, and frameworks related to information security architecture, information security controls, and practical implementation techniques in an enterprise.

Fundamental understanding of data and secrets security, system administration, vulnerability management, secrets management and vaulting, and platform/OS security.

Demonstrate high level of communication skills, both verbal and written with collaborative mindset

Demonstrate a logical and structured approach to time management and task prioritization.

Familiarity with Agile and other project management methodologies.

Ability to work well under pressure and have great organizational and interpersonal skills.

Recommended

A Bachelors degree in Computer Science or Software Engineering.

One or more professional security certifications such as Certified Splunk Administrator, CISSP, OSCP, OSCE, GCIH, CASP, AWS Security, or equivalent.

Three (3) or more years experience in Information Security, IT Risk Management or IT Compliance.

Familiarity with PCI DSS, HIPAA, and other industry regulations

Experience working with Splunk Enterprise Security.

PERKS?

A robust Benefits plan with coverage starting Day One

Dental, vision, life, and other insurance plans; flexible spending accounts; short term / long term disability coverage

Partner Care Team, for any time you have healthcare or coverage questions

Telehealth offers 24/7 access to board-certified doctors by phone

Partner Guidance allows free counselor visits

Funeral leave, jury duty, and military pay (subject to applicable law)

Maternal / paternal leave for new parents, including adoptions

10% off H-E-B brand products in-store and online

Eligibility to participate in 401(k)

ISSEC3232

#J-18808-Ljbffr