Security Engineer - CSIRT

Who You Are

You are a cybersecurity professional with several years of experience working in a security operations center. You have hands-on experience with security tools like SIEM, SOAR, EDR and IDS and applying these tools to defend an organization against modern threats. You are familiar with cybersecurity frameworks like NIST CSF and CIS as well as compliance certifications like ISO 27001 and PCI DSS 4.0. You are self-motivated and passionate, able to identify and action on areas of improvement with minimal oversight. You have an intimate knowledge of cyber threats and remain plugged into the threat landscape, staying up to date on trends and adversarial activity. Youre a great communicator, able to explain complex technical topics to non-technical individuals. You are proficient in Python, able to automate repetitive tasks and create custom integrations between security tools.

The Opportunity

WatchGuard is growing its internal security operations organization to combat evolving cyber threats with an expanded Computer Security Incident Response Team (CSIRT). This team is instrumental for maintaining overall trust and risk management within WatchGuard. As a global cybersecurity vendor, at WatchGuard youll have ample opportunity to use the latest technologies and defend against the most sophisticated threats.

As a member of the Security Operations Center, you will help shape WatchGuards cybersecurity strategy. Your coworkers will depend on you to help maintain business continuity through incident response activities, shaping corporate security policy, and deploying preventative controls. You both develop detection use cases and respond to the alerts that those use cases generate. Once youre up to speed, youll join CSIRTs 12 hour on-call rotation for security incident escalations to help guide incident response activities and reduce mean time to containment.

As a Security Engineer, you must constantly learn, staying up to date on the latest attacker techniques and defender strategies. You must be proficient with automating activities wherever Job Description possible to succeed. This is an engineering minded team that must prioritize their work using a data-driven defense approach based off real world attacker behaviors.

A day in life

As member of the Security Operations Center at WatchGuard, no two days will ever be the same. Every day you will help review and investigate security events, proactively threat hunt for indicators of compromise, and help improve WatchGuards security controls and policies. As a member of the CSIRT organization, you will make a meaningful impact on WatchGuards security posture, identifying and closing gaps in our controls and automating repeated tasks. Throughout the day, youll remain plugged in to security news and threat intelligence feeds, using your knowledge to help WatchGuard defend against emerging threats.

Skills & Experience

Well versed in security tools like SIEM, EDR and IDS.

Well versed with cloud platforms and hybrid environments knowledge of IT and Networking.

You should have minimum 2 years of relevant experience with a strong background in cybersecurity, networking & related tools.

Familiarity with scripting & programing languages like python, shell, PowerShell, C++, Java etc.

B. Tech or M. Tech in the field of Cyber Security.

Experience in Incident Response.

Certification like CEH, CISSP, COMPTIA Security plus etc.

Familiar with cybersecurity frameworks like NIST CSF and CIS as well as certifications like ISO 27001, PCI-DSS.

Within one month, you will..

Become familiar with WatchGuards security policies and controls.

Begin investigating security events and proactively threat hunting across WatchGuards global networks.

Within three months, you will

Share your knowledge by writing and improving playbooks

Identify areas for improvement across WatchGuard security operations and propose actionable solutions.

Drive automation throughout the security organization to improve efficiency.

Become familiar with WatchGuard security products.

Within six months, you will

Develop bespoke applications to improve WatchGuards prevention, detection and response capabilities

Improve security event analytic logic to increase coverage and reduce false positives.

Help develop and maintain best practices and security standards for managing risk at WatchGuard.

Apply your knowledge and understanding of WatchGuard products to provide security guidance outside of the SOC

Continue to improve your own skillset in areas of information security, malware analysis, and/or ethical hacking.

Regularly contributes to thought leadership content, growing your brand as a security expert both within and outside of WatchGuard.