Security Engineer [T500-25083]

COMPLY is seeking a Security Engineer to maintain its operational security systems. The Security Engineer position offers a dynamic role focused on safeguarding organizational assets through advanced vulnerability management, incident response, and threat detection strategies. Leveraging expertise with cutting-edge technologies such as Sentinel One, Microsoft Defender, and Mimecast. This role requires proactive engagement in optimizing security operations, collaborating across departments, supporting compliance efforts, and staying ahead of evolving cybersecurity threats.

Job Summary: Primary responsibilities of this role include vulnerability management, incident response, threat detection and mitigation, and providing security operations support.

Key Responsibilities:

SOC & Incident Response 50% of time

• Respond to security incidents, including investigation, containment, and recovery, as detected by our tools or third-party vendors.
• Monitor and analyze security alerts from various sources to detect and mitigate threats.
• Assist our third party SOC vendor with the triage and mitigation of incoming alerts.
• Stay updated on the latest security threats, trends, and technologies. Perform threat hunting activities in alignment with latest trends and news.
• Familiarity and experience developing and refining SIEM tools, including maturing our approach to log ingestion and onboarding new log sources.

Vulnerability Management - 25% of time

• Conduct vulnerability assessments, develop custom reporting, and coordinate with Infrastructure teams to drive remediation efforts.
• Proactively assesses for prevalence of security configuration issues across our enterprise.

Security Operations Support & Security Engineering 20% of time

• Provide technical support and guidance on security-related infrastructure issues.
• Support security operations by maintaining and optimizing security tools and technologies, security policies, integrations, and automations.
• Collaborate with Infrastructure, Engineering, Product, and other departments to ensure security measures are integrated into all systems and processes.

Other 5% of time

• Participate in security audits and assessments, including the collection of artifacts and videoconferencing with auditors

Qualifications:

• Bachelor's degree in information security, Computer Science, or related field.
• Minimum of 3-5 years of experience in an IT security engineering role.
• Strong understanding of EDR and SIEM tools such as Sentinel One, and Microsoft Defender.
• Knowledge of mail filtering tools and experience tuning policies.
• Experience with vulnerability management, incident response, and threat detection.
• Excellent problem-solving and analytical skills.
• Strong written and verbal communication skills.
• Ability to work independently and as part of a team.
• At least one relevant certification (e.g., CySA+, CEH, Pentest+, GPEN, GCIH).
• Familiarity with cloud security practices, tools, and concepts across AWS, Azure, and Microsoft 365 technologies.

Preferred Skills:

• Experience with broader security technologies such as Okta, Defender for Cloud, AWS Security Hub, GuardDuty, AlertLogic WAF
• Familiarity with security compliance standards and regulations (e.g., SOC2, ISO 27001, GDPR, NIST, EU DORA).
• Strong organizational and project management skills.