Senior Security Operations Engineer

Summary

Join GLG's Information Security Team as a Security Operations Engineer! Reporting to the VP of Information Security, you will be responsible for maintaining, implementing, and enhancing our security program. Key duties include incident response, vulnerability monitoring, compliance activities, and promoting security best practices. You will collaborate with our MSSP and work within our ISO 27001 program. This role requires strong technical skills and experience in security operations. If you thrive in a collaborative environment and are passionate about security, apply now!

Requirements

• 5+ years of experience as a security analyst, security operations engineer or in a forensics role
• Strong hands-on network, systems, and application security experience
• Knowledge of security and control frameworks, such as ISO27001/2, NIST, and/or CIS
• Interpersonal and collaborative skills with the ability to communicate security and risk-related concepts to technical and nontechnical audiences
• High level of personal integrity, and the ability to professionally handle confidential matters
• High degree of initiative, dependability and ability to work with little supervision
• Natural passion for security and strong drive to see both projects and investigations to completion
• Enjoys collaborating and working in a team-based environment

Responsibilities

• Perform regular operational security functions, ongoing compliance-related activities, and conduct security assessments across various technologies and third parties
• Internal and external vulnerability identification and remediation
• Act as primary point of contact with our managed security service provider (MSSP)
• Monitor and report on security tools (i.e., SIEM, EDR, IAM, IDS/IPS, vulnerability scanning)
• Manage security incident triage, investigation, and response
• Conduct forensic analysis and evidence collection
• Perform compliance related tasks such as privileged access reviews and change monitoring
• Track operational metrics related to alerts, incidents, and vulnerabilities
• Execute information security reviews against infrastructure, applications, and vendor services
• Participate in various programs and initiatives supporting the further implementation of the company's information security policies and standards
• Be a positive advocate for security best practices and awareness throughout the company