Information Security Engineer
Primary Purpose and Goal of Role
Quzara is seeking an Information Security Engineer to ensure the security and integrity of the company's IT systems. This involves monitoring and detecting security events and incidents, primarily using Microsoft Sentinel and other Microsoft 365 Defender portals.
As an expert in Microsoft Sentinel (SIEM), the engineer will optimize analytical rules and notebooks, and use Jupyter notebooks for threat hunting and remediation actions.
A key aspect of the role also includes managing a team of security analysts in a 24x7 Security Operations Center (SOC) environment, serving as the primary point of escalation for critical incidents.
This role is crucial in maintaining the company's cybersecurity posture and responding effectively to security threats.
- Monitor and detect security events and incidents using Microsoft Sentinel and other Microsoft 365 Defender portals.
- Act as subject matter expert in Microsoft Sentinel (SIEM) and use it to optimize analytical rules and notebooks.
- Use Jupyter notebooks for threat hunting and take remediation actions through custom logic apps.
- Manage a team of security analysts in a 24x7 SOC environment and act as the point of escalation for critical incidents.
- Master of Science degree in Electrical Engineering, Computer Engineering, Telecommunications or a closely related field plus 1 year of experience in Security Operations Center (SOC)/Information Security Engineering.
- OR Bachelor of Science degree in Electrical Engineering, Computer Engineering, Telecommunications or a closely related field plus 5 years of experience in Security Operations Center (SOC)/Information Security Engineering.
- Travel within the U.S. required less than 10% of time.
- Experience must also include at least 1 year in each of the following:
  - Leading and managing a SOC team with 24/7 shifts in a SOC environment.
  - 24/7 monitoring as part of a SOC emergency on-call rotation.
  - Security architectures and standard security solutions and services (such as EDR, SIEM, vulnerability management, purple team activity and awareness training).
  - Security event analysis and triage, incident handling and root-cause identification, and reviewing and creating incident response workflows.
  - Installing and managing McAfee SIEM, Bit9, CoalfireOne, and McAfee ePO.
  - Triaging and resolving alerts from Carbon Black and CrowdStrike EDR.
  - Adding privileged accounts to the password vault (CyberArk) to manage passwords, detect threats and report on privileged account activity.
  - Using Jupyter notebooks for threat hunting.