JOB PROFILE SUMMARY
We are looking for a lead cybersecurity engineer to join our team with a strong focus on security tooling, integration, automation, and data analytics to support detection and response. The Defense Analytics and Integration team provides expertise in security log collection & integration, automation of processes, development and continuous innovation of tooling, system integration and analytics of data in support of detection and response to better respond to and prevent threats in an ever-changing environment. We expect you to have strong experience in security technologies such as SIEM as well as coding ability for automation and integration work.
- Maintain expert knowledge and understanding of our security technologies, leading the delivery of process and system improvements, driving implementation of continuous improvement plans and ensuring best practices are shared across the team.
- Continuously review and implement additional automation and integration into our systems.
- Support the wider teams in improving data accuracy by implementing controls, automation, and reporting in our tooling and metrics.
- Continuously identify and improve unused capability in our current systems to maximize value.
- Provide advanced technical expertise in support of information security tooling and automation.
- Design, develop, implement, and support our security solutions across multiple security services and products in both on-premises and cloud environments.
- Work with the wider team to continuously improve and tune our content and tooling to better detect and respond to malicious activity.
- Compile and analyze security data for reporting and metrics.
- Gather additional data sources and feeds for better visibility in support of detection and response.
- Use data analytics and visualizations to view and interact with data in new ways.
- Develop and maintain a roadmap for security technologies and processes.
- Serve as a technical leader and expert in the team providing guidance and mentoring to less experienced team members.
- Support a collaborative team environment utilizing agile development methodologies and principles.
TECHNICAL COMPETENCIES / EXPERIENCE
- Strong technical knowledge of security technologies including SIEM, UEBA, SOAR, IDS/IPS, EDR as well as knowledge of network technologies, databases, web applications, cloud-based services and infrastructure, and identity management platforms.
- API Integrations and XML/JSON formatting.
- Prior experience with one or more databases and database query languages.
- Understanding of or prior experience with Azure (AAD, app registrations, custom APIs, functions, workspaces, log analytics, Sentinel, serverless infrastructure, KQL, Azure DevOps pipelines, logic apps, etc.) and AWS (S3 buckets, GuardDuty, Lambda, CloudFront, CloudWatch, CloudTrail, etc.).
- Strong knowledge of operating systems including Windows, Linux and macOS.
DESIRED EDUCATION / TRAINING
College degree or technical certification (SANS, Cyber Security). Working experience may also substitute for a degree.
SANS Certification: One or more of: GCIA, GCIH, GCFE, GCFA
AT BP, WE PROVIDE THE FOLLOWING ENVIRONMENT & BENEFITS:
- A company culture where we respect our diverse teams and are proud of our achievements
- Possibility to join social communities and networks
- Learning and development opportunities to craft your career path
- Life & health insurance, medical care package
- And many other benefits!
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Apply now if this excites you.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.