Enterprise Security Specialist

Job Overview:

We are seeking a seasoned security expert to fill the role of Enterprise Security Specialist.

This position involves threat intelligence, forensics, and incident response that adhere to best practices and recognized control frameworks.

The successful candidate will be responsible for day-to-day security threat monitoring and analysis, managing security incidents, and reviewing security alerts for compliance.

This individual will work with senior analysts on known or suspected security threats, escalating issues when appropriate and mentoring peers.

The ideal candidate will have strong communication skills, technical expertise, and experience in guiding others.

Typical expectations include 5-7 years of experience in security-related fields and proficiency in scripting languages such as Python, Perl, or PowerShell.

• Identify, assess, and contain threats to enterprise systems, infrastructure, and business applications
• Manage and support log collection, security scanning, intrusion detection, content filtering, and other security-related systems
• Review and triage security alerts, provide analysis, determine remediation, and escalate as necessary
• Provide support for log management and SIEM solutions
• Investigate improper access, revoke access, report violations, and monitor information requests to ensure authorized access
• Detect and respond to malicious behavior on public cloud, workstations, server environments, and distributed networks
• Optimize threat detection and alerting for DLP, email protection, EDR, and threat hunting, cloud/workload security products, IDS/IPS, firewalls, and other security technologies
• Proactively hunt for threats within complex and distributed networks
• Write, update, and maintain detection signatures, tune systems/tools, and develop automation scripts and correlation rules
• Maintain knowledge of adversary TTPs and threat intelligence to implement detection and mitigation strategies
• Conduct forensic analysis and engage with third-party resources as required

A degree in Cybersecurity, Information Technology, Computer Science, or related field is desirable. Industry-recognized certifications are a plus (e.g., CISSP, CISM, CEH, CompTIA Security+, SANS). Certifications from public cloud providers (AWS, Azure, Google, Oracle) are a plus.

Key Skills:

• Experience in forensics, malware analysis, threat intelligence
• Ability to understand, modify, and create threat detection rules within a SIEM
• Understanding of log collection and aggregation techniques (ELK stack, syslog-NG, Windows Event Forwarding, etc.)
• Knowledge of Windows and Linux operating systems
• Experience with scripting languages (Python, Perl, PowerShell, or equivalent)
• Experience with MITRE ATT&CK framework tactics and techniques
• Experience with network forensics and related toolsets and analysis techniques
• Experience with host-based detection and prevention solutions
• Ability to reverse engineer malware is a plus
• Ability to correlate data from multiple sources to identify cyber threats and vulnerabilities
• Ability to deploy countermeasures or mitigations under pressure
• Experience with incident response and incident management procedures
• Build collaborative relationships to facilitate work goals
• Experience with PCI-DSS, ISO-27001, and/or SOC II is a plus
• Experience aligning security controls with NIST 800-53 and CIS is a plus
• Project management skills are a plus
• Experience with technologies such as SentinelOne, Tanium, Google Chronicle SIEM, Cloudflare security, ModSec, Tenable.io, Lacework, Recorded Future, ServiceNow, Jira, Microsoft Defender for Endpoints, Microsoft Security and Compliance, VirusTotal, SiteLock, Monarx, NGNIX
• Experience with native cloud security services (AWS, Google, Azure, Oracle) is a plus

Educational And Certification Requirements: