What are the responsibilities and job description for the Security Engineer position at COGENT Infotech?
Security Engineer
Olympia, WA – Remote
A. PURPOSE AND GOALS
• This resource will be responsible for supporting the security team in implementing security controls, identifying vulnerabilities within a network, and mitigating them.
• This resource will provide cloud security solutions for Azure services.
• This resource will support SIEM solution implementation.
B. PROJECT TEAM AND ENVIRONMENT
a.) This resource is a key member of the Security Team and will report directly to the Cloud and Infrastructure Security Lead. This resource will collaborate closely with members of the Security Team, and other CLIENT departments, staff, contractors, and external (CLIENT) partners.
b.) This resource plays a critical role in establishing, maintaining, and administering CLIENT’s Security Information and Event Management (SIEM) solution. Key responsibilities include ensuring the ingestion of relevant log sources into the SIEM platform, collaborating on building effective detections and dashboards, and working closely with the Managed Detection and Response (MDR) provider and Incident Response team to promptly address alerts. The candidate is also responsible for maintaining effective working relationships with staff at all levels in CLIENT, state agencies, vendors, agents, and others as needed.
C. PROJECT-SPECIFIC QUALIFICATIONS AND EXPERIENCE
Required:
- Bachelor’s degree in engineering, Security, Technology, or related field.
- 10 years of information security and engineering experience.
- 5 years of SIEM, building detections and/or cloud security experience.
- In-depth knowledge of cloud security in Microsoft Azure and/or AWS.
- Develop and maintain CLIENT’s SIEM solution.
- Build high fidelity detections and tune out low fidelity alerts.
- Respond to incidents promptly.
- Maintain positive relationships with stakeholders.
- Analyze logs and troubleshoot system issues.
- Document business processes and workflows.
- Experience working on network and application firewalls.
- Experience with any of the major cloud providers (AWS, GCP, Azure).
- Experience working with MDR providers in setting up and investigating security alerts.
- Moving cold storage from Rapid7 to Sentinel.
Desired:
- Experience in a Health Exchange or its partners would be a plus.
- CompTIA Security+, CISSP, or other industry-recognized certifications.
- Experience with administering serverless, cloud-based enterprise applications and environments.
- Experience with administering Linux and Microsoft server environments.
- Experience and general understanding of object-oriented coding (Java, Python, .Net, etc.).
- Familiarity with CSPM and Vulnerability management tools.
- Familiarity with standards such as OWASP, IRS 1075, NIST, and FISMA.