Security Operations Center Engineer

Summary

Join HiveMQ as their SOC Lead and Incident Manager, where you will establish and grow their Security Operations Center (SOC). You will be responsible for developing incident management processes, ensuring integration of HiveMQ assets with monitoring solutions, and continuously improving the incident response lifecycle. This role requires leading incident response, performing threat analysis, and collaborating with various teams. You will be the primary point of contact for cybersecurity situations and drive events to completion within specified timeframes. The ideal candidate possesses a strong background in information security, incident management, and threat intelligence, along with experience in cloud security and various security tools.

Requirements

• A Bachelor's or a Masters degree in computer science or information technology or similar experience
• At least 1 year or more of expertise in information security activities
• 3+ years of expertise managing and mitigating security events as part of a Cyber Incident Response unit in significant corporate contexts
• Knowledge of risk management and control frameworks, the cyber kill chain, and the SANS Incident Handling lifecycle
• Deep understanding of cloud security principles, experience with CI/CD tools (e.g. Jenkins, GitHub)
• Knowledge about IaC tools (e.g. Terraform), and container orchestration
• Expertise in network security, cryptography, virtualisation, and cloud security, as well as a strong understanding of enterprise-level information systems and technological architectures
• Proficiency in cyber threat and crisis management
• Experience working with various organisational stakeholders, from technical to management level
• Necessary skills to manage several conflicting priorities in a fast-paced environment to complete high-priority activities
• Strong track record of performance management to meet demanding KPIs and continuous improvement programs

Responsibilities

• Be in charge of establishing and growing HiveMQ's Security Operations Center (SOC)
• Be responsible for developing Incident Management processes and protocols
• Ensure all effective integration of HiveMQ assets with monitoring solutions, developing triggers, monitoring events, and identifying incidents
• Responsible for continuous improvement of the Incident Response Lifecycle and the overall maturity of the Security Operations Center (SOC)
• Be the primary point of contact for many cyber security situations, lead the discussion and serve as the primary moderator
• Perform Cyber Kill Chain and MITRE ATT&CK analysis on incoming security alerts
• Update the status of incidents on a regular basis
• Engage in all parts of the event management process, from identification to remediation and follow-up operations
• Be instrumental in improving threat management capabilities
• Drive events to completion within the time range specified for the incident's criticality level
• In the event of an investigation, be in charge of HiveMQ's DIFR
• Monitor and examine security alerts on a regular basis to discover harmful activities
• Help create and communicate meaningful metrics to improve operational execution
• Regular tabletop exercises and Blue/Purple team tests should be conducted for the team to keep them up to date and prepared in the event of an incident
• All post-incident elements should be identified, collected, documented, and addressed
• Being on call and operating outside usual business hours when needed

Preferred Qualifications

• Relevant industry-recognized security certifications such as GCIH, GCFE, GCFA, GCTI, GOSI, and ECIH will be an added advantage
• Experience creating and upgrading HiveMQ Threat Intelligence