Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Job Overview:
As a Senior Security Operations Engineer, you will be an integral part of Qualys SOC (Security Operation Center) and CSIRT (Cyber Security Incident Response Team) contributing to the day-to-day activities aimed at governing entire incident management lifecycle from incident monitoring, triaging, analyzing, and responding to security incidents. This role requires a solid understanding of security technologies, incident triage/investigation & incident response, and a proactive approach to identifying and mitigating potential threats. You will leverage advanced cybersecurity tools and techniques to monitor and secure Qualys infrastructure/systems, Qualys Cloud Platforms, respond to alerts, investigate potential threats, and proactively work for mitigation of identified cyber threats/incidents. At the same time, you will be responsible for providing expert guidance to other SOC engineers in the team and working closely with SOC/CSIRT leadership to improve the organization’s security posture.
Key Responsibilities:
Security Monitoring and Analysis:
- Proactively monitor security systems, SIEM platforms, various security tools, analyze logs, network traffic, system events and incident alerts for signs of malicious activity or policy violation.
- Conduct incident triage, build incident investigation hypothesis, incident response approach.
- Investigate and respond to alerts, ensuring a timely and effective resolution.
- Review the triggered incident and analyze the incident tickets created by SOC level 1 engineers for correct incident classification, categorization, setting up security permission, false positive validation and finetuning etc.
- Must be familiar with various log sources and investigation approach depending on various kinds of incidents. Should understand the correlation between log sources as needed for investigation.
- Analyze network and host activities associated with both successful and unsuccessful intrusions by threat actor's basis perimeter security logs.
- Should have experience in correlating malware infections with attack vectors to determine the extent of security and data compromise.
- Monitor SIEM and other security tools alerts for anomalous or suspicious activity; research alerts and make recommendations to remediate concerns.
- Analyze, correlate and action on data from subscription and public cyber intelligence services, develop tactics to combat future threats, and follow the Incident Response Plan for required response.
- The ability to perform analysis of log files from multiple different devices and environments and identify indicators of security threats.
- You will be responsible for assisting all junior SOC engineers related to incident monitoring, investigation and response.
Incident Response:
- Participate in incident response activities, assisting in the identification, containment, eradication, and recovery from security incidents.
- Run incident response calls with help of CSIRT lead/manager via incident warroom and bridge call to other incident resolution teams.
- Document incident response activities along with entire incident timelines and contribute to post-incident reports.
Threat Detection & Analysis:
- Analyze logs, security events, and network traffic for anomalies and indicators of compromise (IOCs).
- Perform forensic analysis on potentially compromised systems using in-house digital forensic lab.
- Conduct sandbox analysis and obtain report for various malicious code/payloads identified in case of infected systems.
Security Tool Management:
- Configure and manage security tools such as Endpoint Detection and Response (EDR), Endpoint Protection Platforms (EPP), File Integrity Monitoring (FIM), Application Control (Whitelisting/Blacklisting) on endpoints etc.
- Identify different attack patterns (IOA - Indicator of Attacks) in security logs which can cause harm to our system. Work with SIEM detection team to convert these patterns into an automated detection logic on SIEM platform.
Threat Intelligence Support:
- Configure and manage the open source and in-house threat intelligence sharing platform.
- Assist in the integration of threat intelligence into security operations processes to enhance detection capabilities.
- Stay informed about the latest cybersecurity threats and vulnerabilities via various cyber security newsletters and security advisories. Notify SOC team about actionable for identified advisories.
Threat Hunting:
- Conduct proactive threat-hunting activities to identify emerging threats and weaknesses in the organization’s security defenses.
- Follow organization threat hunting procedure to carry out our various threat hunting activities and work on remediation of identified misconfigurations/security issues during hunt.
Incident Response Documentation & SOAR Runbook Creation:
- Work with CSIRT lead/manager to build incident response runbooks for remediation of various cyber-attack scenarios.
- Identify unknown attack patterns by analyzing various log sources and work with SIEM administration team to convert them into automated use cases.
- Translate conceptual SOC/IR requirements into technical data and integration requirement for SOAR platform.
- Work with SIEM/SOAR admin team to convert the technical data into SOAR playbooks.
- Enhance existing incident response runbooks and work on fine tuning of existing use cases on SIEM platform.
Experience:
- 2-4 years of working experience in a Security Operations Center (SOC) or Incident Response role.
Education:
- Master/bachelor’s degree in computer science or equivalent degree.
Required Skills & Qualifications:
- Must have knowledge of SIEM platforms (e.g., Elastic, Azure Sentinel etc.). Experience performing security analysis utilizing SIEM technologies.
- Experience in analyzing security logs generated by SIEM, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, Web application firewalls (WAF), network flow systems, Anti-Virus, EDR/XDR and/or other security logging sources in correlation with vulnerability analysis
- Experience with network and host-based forensics, log analysis, and incident response.
- Strong knowledge about layer 3, layer 4 and layer 7 DDoS protection along with Web Application Firewall for incident response strategy.
- Understanding about network security solutions like IDS/IPS, Firewall etc.
- Candidate should have deep understanding of OSI layers and network protocols (TCP/ IP, UDP, DHCP, FTP, SFTP, SNMP, SMTP, SSH, SSL, VPN, RDP, HTTP and HTTPS etc.)
- Experience in threat intelligence enrichment (E.g. Passive DNS, WHOIS, Virus Total etc.)
- Knowledge in Infrastructure vulnerability assessment and management of process to remediate identified vulnerabilities would be an added advantage.
- Familiarity with analytical models (E.g. MITRE ATT&CK), Cyber Kill Chain, Diamon Model etc.
- Knowledge in Operating systems (Linux, Windows etc.)
- Experience with scripting (Python, Bash, PowerShell) for automation and threat detection and incident response.
- Familiarity with security orchestration and automation platforms (SOAR).
- Hands-on experience with malware analysis or reverse engineering
- Ability to multi-task under strict deadlines and SLA for incident monitoring and response
- Foundation level Security Certification Security like CompTIA Security, EC-Council -CEG, CHFI, CIH, CTIA or any other SOC/IR related certifications.
- Advance Level Security Certification (ISC2, SANS) will be added advantage
- Should have understanding about UBA/UEBA and SOAR tools.
- Knowledge of common security frameworks (e.g., NIST, CIS, ISO 27001).
- Experience with cloud security tools (AWS, Azure, GCP).
Other Jobs from Qualys
Sr Software Engineer
Lead Software Engineer
Lead Software Engineer
Lead Workday HCM Engineer
Systems Engineer
Similar Jobs
Python Developer
Cloud SecOps Engineer
Lead Software Engineer, DevOps
Senior Lead Software Engineer, DevOps
SRE Engineer
There are more than 50,000 engineering jobs:
Subscribe to membership and unlock all jobs
Engineering Jobs
60,000+ jobs from 4,500+ well-funded companies
Updated Daily
New jobs are added every day as companies post them
Refined Search
Use filters like skill, location, etc to narrow results
Become a member
🥳🥳🥳 401 happy customers and counting...
Overall, over 80% of customers chose to renew their subscriptions after the initial sign-up.
To try it out
For active job seekers
For those who are passive looking
Cancel anytime
Frequently Asked Questions
- We prioritize job seekers as our customers, unlike bigger job sites, by charging a small fee to provide them with curated access to the best companies and up-to-date jobs. This focus allows us to deliver a more personalized and effective job search experience.
- We've got about 70,000 jobs from 5,000 vetted companies. No fake or sleazy jobs here!
- We aggregate jobs from 5,000+ companies' career pages, so you can be sure that you're getting the most up-to-date and relevant jobs.
- We're the only job board *for* software engineers, *by* software engineers… in case you needed a reminder! We add thousands of new jobs daily and offer powerful search filters just for you. 🛠️
- Every single hour! We add 2,000-3,000 new jobs daily, so you'll always have fresh opportunities. 🚀
- Typically, job searches take 3-6 months. EchoJobs helps you spend more time applying and less time hunting. 🎯
- Check daily! We're always updating with new jobs. Set up job alerts for even quicker access. 📅
What Fellow Engineers Say