Starbucks is a company known for its leadership in the coffee industry. They are seeking a Senior Cybersecurity Engineer to contribute to their cybersecurity program by detecting and responding to alerts, performing investigations, and improving SOC processes.
Responsibilities:
- Detect, assess and respond to alerts and incidents
- Perform rapid triage to determine severity, validity, and urgency of alerts
- Follow SOC playbooks and SOPs to ensure consistent triage and decision-making
- Create custom detections aligned to the MITRE ATT&CK Framework
- Review and audit available logging to determine potential gaps in detection capabilities
- Review threat intel reports and feeds, and make recommendations for profile or toolset changes based on those reviews
- Hunt for new threats and perform data analytics to surface activity not previously seen within the environment
- Perform in-depth investigations on Windows, Linux, and macOS hosts
- Write stories for engineers to improve our SOAR environment
- Support the improvement of SOC processes through feedback and operational observations
- Act as a mentor and escalation point for SOC engineers
- Tune security tool configuration to minimize false positives
- Collaborate with security leadership, engineering, and compliance to execute security strategies
- Assess our current cloud security and propose improvements or solutions
- Serve as a subject matter expert for security tools, applications, and processes
Requirements:
- 5+ years of experience working in an information technology discipline
- 4+ years of security operations experience
- Deep technical understanding of modern Cybersecurity threats
- Ability to quickly learn new cybersecurity concepts
- Understanding of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools & techniques using this framework
- Proficient in programming with at least one modern language such as Python, PowerShell, C#, Ruby, Java, Rust, or Go
- Experience with the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security
- Basic understanding of compliance and regulatory requirements such as SOX and PCI
- Ability to balance multiple priorities and meet deadlines
- Excellent problem-solving abilities
- Passionate about cybersecurity and self-driven to become an expert
- Proficiency in two or more of the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security
- Proficiency in two or more of the following pillars: Phishing, DLP, Compliance, Networking, Forensics, Big Data, Threat Intel, Operating Systems, Reverse Engineering
- Contributes back to the cybersecurity community through teaching or code
- Certifications such as CISSP, SSCP, GCIH or others focused on cybersecurity