GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. The Security Engineer role calls for hands-on experience with observability products and deep proficiency in operating systems and security troubleshooting, in support of effective threat detection and incident response.
Requirements:
- Hands-on experience with observability products such as SIEM (Security Information & Event Management), SOAR (Security Orchestration, Automation, and Response), and data stream management tools
- Familiarity with key security events on common IT platforms
- Deep proficiency in client and server operating systems including Windows, Mac, and Linux
- General networking and security troubleshooting (firewalls, routing, NAT, etc.)
- Scripting and development skills (Bash, Perl, Python or Java) with strong knowledge of regular expressions
- Ability to autonomously prioritize and successfully deliver across a portfolio of projects
- In-depth knowledge of log management, monitoring, and alerting techniques
- Experience with setting up, modifying, and tuning alerts within the SIEM to ensure critical threats are identified properly
- Understanding of data ingestion, transformation, and enrichment workflows for integrating various log sources, network telemetry, and security event data into observability platforms
- Ability to work with and understand log parsing, aggregation, and normalization
- Proven track record working in a Security Operations Center (SOC), with direct involvement in threat detection, incident response, and security event monitoring, and a strong understanding of SOC workflows and processes
- Comfortable producing clear, concise reports and documentation related to security incidents and system performance
- Experience with other Information Security solutions including CrowdStrike, SentinelOne, Zscaler, Palo Alto Networks, Check Point, Microsoft Defender products, Carbon Black, Splunk, and/or Cisco
- Experience authoring security runbooks, policy, and best practice documentation
- Bachelor's degree in a relevant discipline or equivalent professional experience