Stack AV is hiring a
Senior Cyber Security Engineer in United States

Senior Cyber Security Engineer closed
🏢 Stack AV
💵 ~$146k-$258k
📍United States
📅 Posted on Jun 16, 2024

Summary

This posting describes a Cyber Detection and Response Engineering role at Stack AV. The role involves developing and maintaining new threat detection capabilities, triaging and tuning security events and incidents, and leading security investigations and incident response efforts. The focus is on securing Stack's infrastructure, data, and users across its various environments.

Requirements

  • Experience working with Security Information and Event Management (SIEM) tools such as Splunk, Sumo Logic, ArcSight, etc.
  • Experience deploying, managing, and utilizing Endpoint Detection and Response (EDR) tools such as CrowdStrike, SentinelOne, Carbon Black, etc.
  • Thorough understanding of macOS, Linux, and Windows hardening and security best practices
  • Experience creating threat and DLP signatures for network, endpoint, email, and cloud/SaaS security solutions to identify potential attacks, exploits, or data exfiltration attempts
  • Extensive experience developing and automating incident response policies
  • Ability to deliver complex projects, including coordinating and driving issues to resolution using excellent technical troubleshooting skills
  • Ability to work with Stack's highly technical software and hardware engineering teams to understand their goals, and to deploy tools and solutions that make the data they need accessible for development
  • Experience troubleshooting complex issues and providing detailed root cause analysis

Responsibilities

  • Developing and maintaining new threat detection capabilities
  • Triaging and tuning security events and incidents
  • Leading security investigations and incident response efforts

Preferred Qualifications

  • A drive to learn and work with industry-leading technologies
  • An understanding of network orchestration and automation with Python, Ansible, and Terraform
  • Experience working with Secure Access Service Edge (SASE) solutions such as Zscaler, Prisma Access, Netskope, etc.
  • Thorough understanding of email security and best practices; experience working with Secure Email Gateways (SEGs), Mail Transfer Agents (MTAs), and end-user training solutions like KnowBe4 is highly desirable
  • Experience with both traditional DLP and Cloud Access Security Broker (CASB) solutions, especially developing data classification policies, signature detection, and response runbooks
  • Extensive experience with network security tooling and practices such as layer 7 firewalls and Unified Threat Management (UTM) solutions, Intrusion Detection and Prevention Systems (IDS/IPS), malware sandboxing, Network Detection and Response (NDR) solutions, NetFlow and telemetry aggregation systems, microsegmentation, web application firewalls (WAFs), load balancers, network taps, DNS security solutions, etc.
  • Thorough knowledge of Public Key Infrastructure (PKI), certificate lifecycle management, 802.1X implementation, mTLS, etc.
  • Experience with Google Workspace, especially developing Trust Rules to secure and control sensitive data and to enhance DLP capabilities