Reserv is an InsurTech company focused on creating and incubating cutting-edge AI and automation technology for the insurance industry. As a Security Operations Engineer, you will protect the organization's digital assets from cyber threats by monitoring networks, identifying vulnerabilities, and implementing security measures.
Responsibilities:
- Continuously monitor security telemetry to identify potential threats, malicious activity, or unauthorized access
- Investigate, analyze, classify, prioritize and contain security breaches in real time, providing detailed reporting and post-incident analysis
- Conduct vulnerability assessments to identify system weaknesses before they are exploited
- Coordinate and assist with penetration testing activities
- Install, configure and maintain security software and systems such as endpoint security, intrusion detection/prevention systems and logging platforms
- Install and fine-tune our arsenal—from EDR/XDR and SIEM to SOAR and IDS/IPS
- Research, analyze and stay up to date on the latest security trends, hacking techniques and emerging cyber threats
- Educate employees and stakeholders on security protocols, phishing threats and data protection
- Develop SOPs, playbooks/runbooks to consistently respond to common incidents that allow our security posture to scale as fast as our business
- Hunt for unknown threats in the environment by analyzing logs based on current and emerging threat intelligence
Requirements:
- Minimum of 3 years of experience in the trenches of a dedicated cybersecurity role
- Working understanding of NIST Cybersecurity Framework
- Technical proficiency with macOS, Windows, Unix/Linux
- Experience securing and monitoring mobile devices
- Knowledge of current threat actors, TTPs, and MITRE ATT&CK framework
- Fluent in SIEM, EDR/XDR, and Vulnerability Scanners
- Experience with cloud-based productivity platforms such as Google Workspace and/or Microsoft 365
- Demonstrated experience working with SIEM tools, vulnerability scanners, endpoint protection, email security and threat intelligence platforms
- Experience with penetration testing
- Experience performing risk assessments, drafting/maintaining cybersecurity policies and procedures, and constructing after-action reports with precise details
- Familiarity with SSO and identity and access management systems
- Security+, CySA+ or similar industry-standard security certifications
- Strong written and verbal communication skills
- You possess a relentless technological curiosity where 'sniffing out' anomalies is second nature
- Experience working in a cloud-first or startup environment
- Bachelor's degree in Cybersecurity, IT, or related field
- Automation experience with various scripting languages (e.g. Bash, Python, PowerShell)
- AWS and/or GCP certifications or demonstrated experience
- Deep understanding of at least two major operating systems
- Familiarity with the concepts of secure software development (SSDLC)