Cyber Security Operations Engineer

The CSOC Operations Engineer III position is a technical leader responsible for the tactical execution of incident response, threat detection and continuous improvement of solutions which defend and protect our computer systems, information, and networks from intentional or unintentional access, modification, or destruction. This position is responsible for technical leadership in the design, planning, documenting and support of projects and cyber security solutions for the company.

This position needs to intently focus on prioritization and always seek the improvement of processes and tools, providing recommendations to engineering and architecture teams. A successful CSOC Operations Engineer III will have a multidisciplinary background beyond cyber security, with advanced knowledge in fields such as client and server systems, networking, and application development. This position will also be responsible for ensuring systems and processes follow regulatory requirements, such as PCI‑DSS, HIPAA and SOX.

This position is responsible for the mentorship of other IT staff and performs third level support for incidents and issues.

• Lead Cyber Security Incident Response as an incident owner, direct incident response activities, provide real‑time decision making and communicate with the incident commander.
• Function as a threat hunter, working proactively to seek out weaknesses and stealthy attackers, conducting penetration tests and reviewing vulnerability assessments.
• Continuously develop and improve security technologies, focusing on the development of automation and orchestration capabilities as it relates to incident response.
• Coordinate documentation of activities during an incident and provide status updates to the incident commander during the life cycle of the incident.
• Participate in post‑mortem collections and after‑action reviews to identify and remediate gaps in processes and technologies.
• Participate in regular table‑top sessions with the CSIRT and E‑CSIRT teams to evaluate readiness, address changes in company, external cyber security threats and impact.
• Participate in after action reviews to identify and remediate gaps in process or technologies.

• Serve as an escalation point for all cyber security infrastructure operational issues during business hours and on‑call for junior members of the team.
• Provide third tier support and subject matter expertise for all cyber security technologies and solutions.
• Work with the CSOC Principal and Manager to provide the team with tactical direction of operational technology capabilities focused on continuous improvement.
• Guide Security Engineering with necessary support as needed during IT projects with Cyber Security needs.
• Ensure project transitions meet CSOC operational standards for needed functionality, prevention, monitoring, detection, and response.

• Perform third tier analysis of exploits such as malware, network intrusions, and unauthorized use to help determine attack‑surface, patient zero, and possible pivot‑points for escalation.
• Provide technical leadership to the team and guidance in investigating escalated notable/suspicious events and the latest investigation techniques, containment and mitigation methods, evidence handling standards, threat intelligence, playbook development and case documentation best practices.
• Participate in the Cyber Security Risk Scoring process to include scoring risks, providing remediation or compensating control guidance and risk remediation/mitigation validation.
• Stay current on monitoring, detection, prevention, analysis, and investigation techniques/tools and adversary techniques, to implement recommendations for improving cyber security event processes, procedures and tooling.
• Participate in regular technical table‑top sessions with the cyber security teams to evaluate readiness, address changes in company, external cyber security threats and impact.
• Participate in after action reviews to identify and remediate gaps in process or technologies.