SecOps Analyst

Penn Interactive
Summary
Join PENN Entertainment’s digital team and contribute to the development and maintenance of cutting-edge online gaming and sports media products. As a Security Engineer, you will be responsible for monitoring and responding to security events, developing internal tools to automate security workflows, and collaborating with cross-functional teams. You will participate in security uplift initiatives, integrate systems into the security fabric, and create detection/correlation rules. The role requires expertise in security threats, concepts, and methods, and involves daily security maintenance activities, vulnerability assessments, and compliance support. PENN Entertainment offers a competitive compensation package, comprehensive benefits, and opportunities for professional growth. The ideal candidate will have at least two years of experience in IT/IS security and functional knowledge of various technologies.
Requirements
- Minimum 2 years of experience in IT/IS security discipline
- Minimum 2 years of experience in aforementioned technologies
- Must have functional knowledge of macOS, Linux and Windows
- Must have functional knowledge of AzureAD, GCP and Kubernetes
- Ability to learn and communicate technical information
- Must have excellent written and oral communication skills
- Must possess strong interpersonal skills in order to work in a dynamic and fast-paced environment
Responsibilities
- Assist in the design and deployment of security infrastructure and controls to enhance our security posture
- Develop simple internal tools to automate security workflow, integration, and threat analysis
- Participate in team coding projects to develop and maintain complex internal tools
- Integrate new and existing systems into current security fabric utilizing existing tools and developing new ones where necessary
- Collaborate with team members to create complex detection/correlation rules utilizing our SIEM and/or other security infrastructure to enhance detection and monitor for emerging threats
- Participate in tuning efforts of the detections/correlation rules
- Responsible for maintaining an expert level knowledge of existing and emerging security threats, concepts, and methods
- May be relied upon as a technical point of contact during Escalated Events relating to Security
- Triage abuse reports and security events from security related systems
- Respond to non-breach events (e.g., block brute force attacks, scanning attempts, etc.)
- Assist with Vulnerability Assessments and Remediation
- Daily security maintenance activities (e.g., EDR review, agent and infrastructure health)
- Take part in Operational & Strategic Projects
- Event & Security Log review
- Identify, evaluate and report security vulnerabilities or deficits
- Triage and evaluate reported vulnerabilities from the VDP program
- Act as first point of contact for security tickets and questions
- Escalate issues to senior security staff as warranted
- Support compliance audits by gathering relevant security data and producing clear, audit-ready reports using internal tooling
- Document and present findings from notable security investigations, including action items and lessons learned to drive ongoing security improvements
- Act as point of contact, coordinate, and assist with tracking of wide scoped security projects
- Enhance workflows and processes related to daily activities
- Assist senior staff in security device tuning to reduce false positives and false negatives
- Must deliver an exceptional customer experience every day
- Other duties as required
Benefits
- Competitive compensation package
- Comprehensive Benefits package
- Fun, relaxed work environment
- Education and conference reimbursements
- Paid time off is earned according to the local policy and increases with the length of employment