Arridae Infosec Pvt Ltd

Cybersecurity Engineer

India


Summary

Job Title: Cybersecurity Engineer

Location: Remote

We are seeking a highly motivated and experienced Cybersecurity Engineer to join our team. You will play a crucial role in safeguarding our digital assets and maintaining a resilient security posture. Your primary focus will be on detecting and responding to cyber threats early in the attack lifecycle, reducing our Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). You will be instrumental in enhancing and monitoring our suite of security tools and implementing robust threat detection strategies within our Security Operations Center (SOC).

Responsibilities

  • Threat Lifecycle Management: Actively participate in the fundamental workflow of our SOC, ensuring holistic visibility across PSU's IT environment for rapid detection, mitigation, and recovery from security incidents.
  • Security Tool Enhancement and Monitoring:
      ◦ Continuously review and optimize the configuration of our SIEM, EDR, NDR, UEBA, SOAR, Threat Intelligence platforms, and Digital Risk Protection solutions against established baselines and industry best practices.
      ◦ Critically assess existing use cases, rules, dashboards, and reports to ensure their effectiveness and relevance.
      ◦ Perform rigorous system fine-tuning to minimize false positives, address unparsed logs and events, and rectify configuration anomalies, providing actionable recommendations for improvement.
      ◦ Optimize SOAR configurations, including automatic IOC updates, SIEM blocklist management, alignment with the MITRE ATT&CK framework, and reputation checks for indicators such as hashes, IP addresses, and domains.
      ◦ Drive Continuous Service Improvement initiatives for our core security tools (SIEM, EDR, Threat Intelligence).
      ◦ Provide advisories and recommendations to continuously raise the maturity of the security incident capability (SIC).
  • Advanced Threat Detection: Leverage advanced analytics and machine learning algorithms to proactively identify and prioritize potential threats, ensuring timely detection of both known and emerging attack vectors.
  • Monitoring Platform Optimization: Ensure our monitoring platform's flexibility to support custom application logs, effectively correlate data across all security services (monitoring, scanning, intelligence), align event data with asset criticality, and correlate events using historical analysis, behavioral patterns, and heuristics.
  • Use Case Development and Implementation: Define, develop, and implement relevant and effective security use cases tailored to the PSU environment, adhering to standard methodologies such as the MITRE ATT&CK framework.
  • Security Event Categorization: Accurately categorize detected security events based on their potential impact, aligning them with defined severity levels to facilitate effective prioritization and response.
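The responsibilities above mention two concrete mechanics: bucketing indicators (hashes, IP addresses, domains) for reputation checks in the SOAR, and categorizing detected events into severity levels aligned with asset criticality. The following is an added illustrative example, not code from this posting, Arridae, or any PSU environment; the hostnames, criticality tiers, sample alerts and the one-level escalation rule are all constructed assumptions. It shows how a triage step can classify each IOC by type before handing it to a reputation connector, and how a rule's base severity is shifted by the criticality of the affected asset.

```python
"""Illustrative SOAR-style triage helpers: IOC classification for reputation lookups and
asset-criticality-adjusted severity. Added example; not Arridae's or any real PSU's code."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed asset inventory (hypothetical hostnames): criticality tier 1 (low) .. 4 (critical).
ASSET_CRITICALITY = {
    "dc01.corp.example": 4,        # domain controller
    "web-prod-01.example": 3,      # internet-facing production web server
    "kiosk-lobby.example": 1,      # isolated visitor kiosk
}
DEFAULT_CRITICALITY = 2            # assumption: assets missing from inventory are treated as medium

# Severity scale used by the SIEM; list index = numeric level.
SEVERITY_LEVELS = ["informational", "low", "medium", "high", "critical"]

# Hex digest lengths that map to the hash algorithms a reputation service accepts.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}")


def classify_ioc(value: str) -> str:
    """Return 'ip', 'hash', 'domain' or 'unknown' so the right reputation connector can be chosen."""
    v = value.strip().lower()
    try:
        ipaddress.ip_address(v)          # accepts IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        pass
    if len(v) in HASH_LENGTHS and re.fullmatch(r"[0-9a-f]+", v):
        return "hash"
    if DOMAIN_RE.fullmatch(v):
        return "domain"
    return "unknown"


@dataclass
class Alert:
    host: str
    rule: str
    technique: str          # ATT&CK technique ID the detection rule is mapped to
    base_severity: int      # rule-defined level, index into SEVERITY_LEVELS
    indicators: list = field(default_factory=list)


def asset_adjusted_severity(alert: Alert) -> str:
    """Shift the rule's base severity by the affected asset's criticality tier, clamped to the scale."""
    tier = ASSET_CRITICALITY.get(alert.host, DEFAULT_CRITICALITY)
    if tier >= 4:
        shift = 1       # crown-jewel asset: escalate one level
    elif tier <= 1:
        shift = -1      # low-value asset: de-escalate one level
    else:
        shift = 0
    level = max(0, min(alert.base_severity + shift, len(SEVERITY_LEVELS) - 1))
    return SEVERITY_LEVELS[level]


def triage(alert: Alert) -> dict:
    """Return the categorised alert plus its indicators bucketed by type for reputation enrichment."""
    lookups = {"ip": [], "hash": [], "domain": []}
    for ioc in alert.indicators:
        kind = classify_ioc(ioc)
        if kind in lookups:             # unrecognised strings are dropped rather than sent to a connector
            lookups[kind].append(ioc.strip().lower())
    return {
        "host": alert.host,
        "rule": alert.rule,
        "technique": alert.technique,
        "severity": asset_adjusted_severity(alert),
        "reputation_lookups": lookups,
    }


# Constructed sample alerts (the hash is SHA-256 of the empty string; addresses and domains are fictional).
SAMPLE_ALERTS = [
    Alert("dc01.corp.example", "Suspicious LSASS memory access", "T1003.001", 3,
          ["10.0.0.23", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"]),
    Alert("kiosk-lobby.example", "DNS query to newly registered domain", "T1071.004", 2,
          ["update-check.example.net", "not an indicator"]),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(triage(a))
```

Run stand-alone, the first alert (a credential-dumping rule firing on the domain controller) is raised from high to critical, while the same-class DNS rule on the lobby kiosk is lowered from medium to low; the indicators come out pre-sorted into the hash, IP and domain buckets that the respective reputation lookups would consume. The actual reputation calls are left out because they depend on the SOAR platform in use.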

Qualifications

  • Proven working experience as a Cybersecurity Engineer or in a similar role within a Security Operations Center (SOC) environment.
  • In-depth understanding of the Cyber Attack Lifecycle and experience in implementing strategies to shorten MTTD and MTTR.
  • Hands-on experience in managing and optimizing security technologies such as SIEM, EDR, NDR, UEBA, SOAR, and Threat Intelligence platforms.
  • Strong knowledge of security best practices, frameworks (e.g., NIST CSF), and regulatory compliance standards.
  • Familiarity with the MITRE ATT&CK framework and its application in developing threat detection strategies and use cases.
  • Experience in developing and implementing custom security use cases and rules.
  • Excellent analytical and problem-solving skills with the ability to identify and resolve complex security issues.
  • Strong understanding of network protocols, operating systems, and security architectures.
  • Excellent communication and collaboration skills.

Certifications (Preferred)

  • Relevant cybersecurity certifications such as:
      ◦ Certified Information Systems Security Professional (CISSP)
      ◦ Certified Information Security Manager (CISM)
      ◦ CompTIA Security+
      ◦ GIAC certifications (e.g., GCIH, GCIA, GPEN)
      ◦ Vendor certifications related to SIEM, EDR, or SOAR technologies.

Educational Requirements

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent practical experience may be considered in lieu of a degree.

Skills: collaboration, SIEM, advanced threat detection, threat intelligence, problem-solving, EDR, machine learning, use case development, analytical skills, security architectures, UEBA, security event categorization, communication, cybersecurity, network protocols, SOAR, operating systems, NDR, digital risk protection, threat lifecycle management
