Remote Security Operations Engineer (Threat Detection & Penetration Testing

Description:

• You will be leveraging your security operations experience to analyze and respond to security notifications, events, and inquiries.
• You will be performing initial triage of potential security incidents through log and data analysis to determine whether or not activity is a substantiated or valid threat.
• You will assess severity and potential impact, take pre-approved remediation measures to contain a threat, and escalate findings to investigators for further review and analysis.
• You will use your knowledge of cyber threats and the results of your analysis to coordinate with partner teams to improve threat detection through tuning and creation of new use cases.
• You will improve capabilities through enriching existing data and creation of new data feeds, and improve triage accuracy, consistency, and timeliness through automation.
• This role plays a critical part in threat detection and response, ultimately reducing the likelihood of security breaches and protecting sensitive company information.
• You will analyze and investigate activity on company devices that could represent a security threat.
• You will work cross-functionally with the Security teams to develop solutions for analyzing security events at scale and protecting Bask networks, systems, and data.
• You will interpret disparate data sources to report on trends and support investigative requests.
• You will collect requirements for enhancements to detection models and response systems.
• You will leverage existing systems and data to perform analyses and promote process improvements.
• You will provide actionable insights to help identify, prevent, detect, and respond to anomalous or potentially malicious user activity.
• You will collaborate effectively with teammates, lead projects, mentor others, and develop and champion quality operational standards across the team.
• You will provide expert technical guidance on threat detection and penetration testing methodologies.
• You will drive the organizational security vision by prioritizing and overseeing the execution of projects aligned with our security roadmap.
• You will collaborate cross-functionally with security engineering teams to enhance detection systems, implement countermeasures, and ensure comprehensive protection of Stripe's networks, systems, and data.
• You will develop, document, and implement strategies, playbooks, and capabilities to advance our threat detection and penetration testing functions.
• You will continuously improve security processes by integrating feedback from penetration tests and threat detection activities into our security architecture.
• You will coach and mentor individual contributors, championing a culture of learning and excellence within the team.

Requirements:

• You must have 5+ years of experience in information technology or cyber security roles including security operations/incident response.
• You must have 2+ years of experience analyzing large data sets to solve problems and/or manage projects related to security event triage and/or workplace investigations.
• A B.S. or M.S. in Cyber Security and Information Assurance, Data Analytics, Computer Science or related field, or equivalent experience is required.
• You should have working knowledge of SQL.
• Basic knowledge of scripting or programming in Javascript, Typescript, Python, Kali Linux, and other programming languages is required.
• Proven experience with log querying and analysis (e.g. first or third party applications, system/data access, event logs), digital forensics, or incident response using one or more industry standard SIEM Platforms (Splunk, Sentinel, Chronicle, Elastic, etc.) is necessary.
• Proficiency using analytical methods to inform detection systems or guide strategic response is required.
• Strong cross-functional collaboration and written/verbal communication skills are essential.
• You must have the ability to think creatively and holistically about identifying and reducing risk in a complex environment.
• A high level of judgment, objectivity, and discretion is required.

Preferred qualifications:

• Prior experience working with high volume data in a security operations environment is preferred.
• Experience with data processing and analysis tools (e.g. Jupyter Notebooks, Databricks) is a plus.
• An adversarial mindset, understanding the goals, behaviors, and TTPs of threat actors is preferred.
• Ability to leverage threat intelligence and/or hunting concepts in an enterprise environment is a plus.
• Experience in one or more of the following areas: user and entity behavior analytics (UEBA), SOAR/security automation, security information event management (SIEM), data loss prevention (DLP), Information Security, or Data Privacy is preferred.
• One or more security certifications through a recognized industry provider: GIAC, ISACA, ISC2, OffSec, CompTIA, etc. is preferred.

Benefits:

• This is a fully remote position, allowing for flexibility in your work environment.