Senior Security Operations Engineer

League

💵 $101k-$126k
📍 Remote - Canada

Summary

Join League's Security Engineering team as a Senior SecOps Engineer and play a critical role in scaling security across the development lifecycle and managing security incidents. You will be responsible for monitoring security events, leading incident response efforts, developing and maintaining incident response plans, and collaborating with cross-functional teams. The role also involves managing security tools, automating workflows, conducting threat research, contributing to security architecture, and ensuring compliance with security standards. You will need a Bachelor of Science degree in Computer Science or a related field, 5+ years of experience in security operations, and proficiency in scripting languages. The ideal candidate will also possess strong analytical and problem-solving skills, excellent communication skills, and a collaborative spirit.

Requirements

  • Bachelor of Science degree (BS) in Computer Science (or a related field)
  • 5+ years of experience in security operations, incident response, or a related role
  • Deep and broad technical understanding of security concepts, principles, and technologies
  • Experience with security monitoring tools (e.g., SIEM, EDR), including configuration and administration of these tools
  • Proven experience leading and coordinating incident response processes and methodologies
  • Proficiency in scripting languages (e.g., Python, Go)
  • You have some Infrastructure as Code (Terraform, Ansible) experience or a strong desire to learn
  • Experience with threat intelligence platforms and implementing these in security operations
  • Strong analytical and problem-solving skills
  • You are a collaborator at your core
  • Excellent communication and interpersonal skills

Responsibilities

  • Monitors security events and alerts from various sources (SIEM, endpoint detection, SASE, etc.) and analyzes them to identify potential security incidents
  • Leads security incident response efforts, including investigation, containment, eradication, and recovery
  • Develops and maintains incident response plans, playbooks, and procedures
  • Coordinates with cross-functional teams (IT, Engineering, Legal, etc.) during security incidents
  • Perform root cause analysis of security incidents and recommend preventive measures
  • Independently analyzes complex security incidents, identifies root causes, develops solutions, and drives them to completion
  • Participate in an on-call rotation
  • Manage and maintain security tools and technologies, such as SIEM, EDR, and SASE platforms
  • Develop and implement automation scripts and workflows to improve security operations efficiency and effectiveness
  • Demonstrated ability to leverage GCP services (e.g., Cloud Functions, Cloud Run) to host and automate security scripts and tools for event enrichment and response
  • Proficiency in utilizing GCP services like Pub/Sub, Dataflow, BigQuery, and Cloud Storage for data processing, analysis, and enrichment
  • Evaluate and recommend new security tools and technologies to enhance our security posture
  • Manage and maintain infrastructure through Terraform
  • Conduct threat research and analysis to identify emerging threats and vulnerabilities
  • Develop and implement threat detection rules and use cases
  • Contribute to the design and implementation of security systems architectures and solutions
  • Evaluate and recommend security controls for new and existing systems
  • Ensure security best practices are followed in system development and implementation
  • Collaborate with other teams to ensure security is integrated into all aspects of the organization's operations
  • Communicate security risks and issues to technical and non-technical audiences, including leadership
  • Mentors and provides guidance to junior security analysts and engineers to develop their technical growth
  • Ensure compliance with relevant security standards and regulations (e.g., HITRUST, NIST, GDPR)
  • Prepare and present security reports to management
  • Participate in routine audits within the organization
  • Compliance with Information Security Policies
  • Compliance with League's secure coding practice
  • Responsibility and accountability for executing League's policies and procedures
  • Notification of HR, Legal, Compliance & Security of any incidents, breaches or policy violations

Preferred Qualifications

  • Security certifications (e.g., OffSec Certifications, GIAC Certifications)
  • Experience with digital forensics
  • Experience with cloud security (AWS, Azure, GCP)
  • Experience with Security Orchestration, Automation and Response (SOAR)
  • Knowledge of networking protocols and security
  • Contributions to the security community at League, and more broadly (e.g., blog posts, conference presentations, etc.)
