Security Engineer

About the Opportunity:

Sagent is seeking a Security Engineer (Detection & Response) to join a growing team responsible for securing next-generation, cloud-native financial technology systems. This role offers the opportunity to work in a dynamic environment where your expertise will play a critical role identifying, analyzing, and mitigating security threats. You will be responsible for monitoring, analyzing, and responding to potential security incidents, performing in-depth security investigations, and executing regular threat hunting campaigns across the organization. If you are passionate about information security, possess a keen eye for detail, we encourage you to apply and be a part of our mission to safeguard our digital landscape.

Your day-to-day at Sagent:

• Investigate and respond to alerts generated by security systems, conducting in-depth analysis to determine the nature and scope of potential security incidents.
• Refine and optimize custom detection rules based on analysis of security data, enhancing the organization's ability to detect and respond to threats.
• Identify opportunities to enhance threat detection capabilities through process improvements, security tool reconfiguration, threat modeling, automation, and integration of new technologies.
• Author security automation workflows with scripting languages such as Python.
• Contribute to authoring and maintenance of detailed security incident response playbooks.
• Proactively hunt for threats using the MITRE ATT&CK framework, analyzing behaviors and patterns in hybrid cloud environments to identify and mitigate potential security incidents.
• Contribute to security vulnerability management operations including scanning, patching coordination, monitoring progress of remediation.

We would love to hear from you if you have:

• Willingness to work outside of standard business hours during critical incidents.
• Prior experience administrating IT systems or networks (~3 years), preferably with both in public cloud environment(s) and physical data center location(s).
• Solid understanding of SQL-like query languages, and proficient in data manipulation and analysis techniques to extract actionable insights from large and complex cybersecurity datasets.
• Ability to maintain collected demeanor under high-pressure security incident response scenarios.
• Knowledge of MITRE ATT&CK framework and its application to threat hunting campaign scenarios, as a bonus in hybrid cloud environments.
• Hands-on experience professionally administrating and securing both Windows and Unix/Linux operating systems, and common threats that each are susceptible to.
• Thorough understanding of the OSI model and a wide range of common network protocols, enabling effective analysis, detection, and mitigation of security threats at various layers of the network stack.
• Experience or exceptional aptitude working within Security Information and Event Management (SIEM) platforms-- especially building and optimizing custom detection rules.
• Experience or exceptional aptitude monitoring various security tools, logs, and threat intelligence feeds to detect potential cyber threats, including malware, phishing attempts, and unauthorized access attempts.
• Excellent communication skills with ability to effectively translate complex technical concepts and findings into clear and concise insights for non-technical stakeholders, fostering collaboration and informed decision-making across cross functional teams.
• Solid understanding of scripting languages such as Python (preferred), Bash scripting, or Powershell; prior experience using scripting to automate tasks.
• Familiarity and fundamental understanding of modern defense-in-depth security tools and technologies such as Intrusion Detection and Prevention (IDS/IPS), Endpoint Detection and Response (EDR) solutions, Cloud Native Application Protection Platform (CNAPP) and Web Application Firewalls (WAF)
• Enthusiasm for security automation and creative technical ability to identify time-saving or novel automation workflows.
• Proven understanding of cloud infrastructure concepts, paradigms, and associated security threats.
• Proven understanding of common web-based attacks at runtime, such as those found OWASP Top 10, and how to respond/mitigate each from an operational standpoint.
• Proven understanding of identifying and mitigating email-based threats, including phishing, malware, and spoofing, and as a bonus, hands-on experience in administering and configuring email security tools and protocols to safeguard against these threats.
• Basic understanding of threat modeling concepts and methodologies, with the ability to identify compound attack vectors.
• Support the larger Information Security team & IT teams with security expertise and assistance as needed.

Important Considerations:

• The nature of this role will require the individual to participate in regular on-call rotations on weekends and holidays. However, we deeply recognize the importance of maintaining a healthy work-life balance. Our organization is committed to providing resources and strategies to mitigate the impact of extended hours, including opportunities for flexible scheduling, and ensuring adequate time off to recharge and maintain overall well-being.

#LI-Remote

#LI-MP1