Title : DevOps Security Engineer (Incident Response )
Location : Milpitas, CA / Palo Alto, CA / Altanta, GA
Duration : 3+ Months
Job Level : Infrastructure Security Analyst 3
Function/Department : DevOps/R&D
The Security Engineer – Incident Response & Operations is the escalation point for the Security Operation Center for security incidents they can’t resolve through standard processes and operating procedures.
The Security Engineer – Incident Response & Operations is responsible to execute Incident Response process, perform security investigations, establish processes, toolsets, and controls that proactively protect Varian infrastructure and applications. Primary responsibilities will include regular review of reports, security incidents, and system logs to ensure secure operation of all components. Collaborate with other IT group technical resources to translate security and business requirements into technical designs and ensure design decisions continuously adhere to a security-first culture. Tests security products and systems to detect security weaknesses. Support vulnerability scans, security audits, or risk assessments and provide feedback to ensure compliance with corporate security policies and adherence to industry best practices. Perform day-to-day operations and management of deployed security technologies.
o Lead and coordinate remediation efforts from Vulnerability Management & Security Monitoring/SOC program
o Collaborate with SOC to tune SIEM alerts, rules, maintenance jobs, etc. to minimize false positives and noise while ensuring relevant security information is captured and visible
o Collaborate in the definition of metrics, SIEM reports, dashboards and scorecards used for management status and statistical reports; analyzing reports and making recommendations for improvements and present security results and status report to upper management/other IT and Business Groups and develop security risk analysis scenarios and response procedures
o Collaborate and act as lead (when required) in day-to-day operations and management of deployed security technologies
o Support the execution of penetration testing and perform post-mortem of test results in driving the design and implementation of security controls. Perform complex incident investigations based upon events working with other technical and business areas to resolve incidents
o Escalation point for the Security Operation Center for security incidents
o Identify, communicate & lead the planning and the execution of new security initiatives for current and future projects
o Act as SME for operationalized security initiatives and program components (e.g. patch management)
o Participate in developing and co-ordinate the realization of security initiatives & solutions to protect Varian’s IT landscape from the Security & Privacy perspective; emphasizing the requirements to protect the company’s end user devices worldwide from malware, hacking attempts or any other type of malicious activity
o Collaborates across operational teams on security solutions, projects and priorities. Provides guidance and expertise as necessary
o Collaborate on the patching process including vendor security notifications, patching status and compliance to standards. Formalize the security process, so those processes deliver to the goals defined. For all current and future projects
o Support the translation of requirements into security policies for approval & subsequent implementation as well as the maintenance of those
o Support other Security & Privacy initiatives within Varian Medical Systems
o Participates with architecture and design teams to contribute security requirements. Identifying areas where existing security architecture require change or development
o Collaborate in the development of security awareness and compliance training programs, providing communication and training as needed. Ensuring program and content remains relevant to changing conditions
o Creates information security documentation as necessary. Create SOP’s and other work instructions for the resolution of security events by Service Desk and other support teams, as necessary
o Participate in setting the direction for infrastructure wide security projects, roadmaps and strategies. Ensuring alignment with Security & Privacy and global strategies
o Occasional international travel might be required
o Performs other related duties as assigned.
o Bachelor’s degree in computer science preferred or the equivalent combination of education, training, or work experience.
o 6-8 years Information Technology experience and requires 3 or more years of IT security and operations risk management experience.
o Desirable certification(s) include, Security+, GCIA, GCIH, CISSP, EC-Council Certified Ethical Hacker. Experience with cyber security standards. NIST, FISMA, ISO, NERC et al.
o Experience managing large amounts of information, including monitoring security risks, conducting security audits, monitoring security exceptions, assessing new systems for security risks, and synthesizing information in actionable and publishable reports.
o Experience in enterprise security architecture design, process development and enterprise security document creation.
o Proven experience managing small-medium size projects, with the ability to meet deadlines and stay under budget.
Knowledge & Skills
o Knowledge and relevant experiences in leveraging SCCM or other tools for enterprise roll-out preferred
o Knowledge and relevant experiences to harden Windows OS and other client applications (e.g. Adobe, JAVA) preferred
o Knowledge and relevant experiences with 3rd party patch management tools preferred (e.g. Secunia, Shavlik, Flexera, Ninite, Lumension, etc)
o Knowledge and relevant experiences in latest end user device protection technologies eg. logging, anti-malware protection, sandboxing, zero-day attack prevention preferred
o Strong sense of ownership, urgency, and drive
o Ability to influence and coach others
o Sharp analytical abilities and proven technical architecture design skills
o Extensive knowledge of the Windows Security Log and Group Policy Audit Policy, Linux/Unix.
o Proven experience in multi-national company and distributed team
o Requires in-depth knowledge of security issues, techniques, and implications across all existing computer platforms
o Knowledge of networks technologies (protocols, design concepts, access control)
o Proven ability to lead internal security investigations
o Proficiency in time management, communications, decision making, presentation and organizational skills
o Proficiency in planning, reporting, establishing goals and objectives, standards, priorities and schedules
o Proficiency in decision-making and problem solving skills, systematic approaches to review, healthy skepticism and challenges of assertions through analytic review and technical validation
o Proficiency in verbal and written communication skills to technical and non-technical audiences of various levels in the organization
o Experience establishing and maintaining effective working relationships
o Fluency in English
Technical Recruitment Consultant