
Remote Senior Security Engineer

at Sur

Posted 1 week ago

Description:

  • You will join a high-octane security team tackling both offensive and defensive challenges.
  • Your responsibilities will include acting as a Tier 2/3 SOC analyst to investigate and respond to security incidents.
  • You will configure and secure systems, including antivirus, firewalls, and OS hardening.
  • You will build scripts to automate agent deployment, policy cleanup, and scanning tools.
  • You will troubleshoot security tooling such as antivirus, Qualys, DNS filters, and EDR.
  • You will perform manual and automated web application/API pentests, focusing on OWASP Top 10 and logic bugs.
  • Delivering Proofs of Concept (PoCs) and collaborating with developers to fix security flaws will be required.
  • You will run internal red team simulations and test SOC detection at least quarterly.
  • Improving detection rules and visibility in EDR and SIEM tools will be a key responsibility.
  • You will design threat scenarios and assist defenders in responding more effectively.

Requirements:

  • You must have strong experience with Windows and Linux system administration.
  • You should have managed over 300 servers in your previous roles.
  • Previous work experience in a SOC, threat hunting, or incident response role is essential.
  • You need to be skilled with tools such as Burp Suite, Nmap, SQLmap, etc.
  • Proficiency in scripting languages like Python, PowerShell, or Bash is required.
  • Solid communication skills in English are a must.
  • Experience using vulnerability tracking platforms, such as DefectDojo, is necessary.
  • An active profile on Hack The Box, TryHackMe, or similar platforms is required (include link if available).
  • Bug bounty experience with public write-ups or results is preferred.
  • You should have experience with red or purple team operations.
  • Knowledge of C2 frameworks, adversary emulation, or payload creation is required.
  • You must have cloud security knowledge, specifically in AWS, Azure, or GCP.
  • Relevant certifications like OSCP, OSWE, CRTO, or similar are preferred.

Benefits:

  • The salary range for this position is $3000-$4500 USD, plus holidays.
  • You will receive unlimited Paid Time Off (PTO).