Lead Cyber Security Engineer

The Lead Cyber Security Engineer – Cyber Defense is responsible for designing, fixing and maintaining tools and processes to ensure fast and flawless cyber security threat detection, investigation and response along with keeping systems related to cyber operations up-to-date and effective. Their primary responsibilities will be integrating new vendors/tools with SIEM, troubleshooting SIEM-related technology stack, onboarding new log sources, leading projects for new initiatives, architecting new and existing designs, keeping SIEM-related content and configurations up-to-date and working with security engineering team to make sure that detection capabilities are tuned and enabled. They will also automate processes related to security operations to increase effectiveness of detection and response.

• Perform the day-to-day engineering responsibilities related to threat detection and response including threat intelligence, security event correlation (SIEM), security monitoring, security analytics (UEBA), threat hunting, security investigations and security incident response.
• Continuously monitor health alerts and events of various systems related to SIEM and Cyber Defense Centre tools/vendors.
• Lead the engineering for cyber security, including but not limited to SIEM for updates, configurations, maintenance and troubleshooting.
• Investigate and fix broken processes, automations, connectors, and automations either individually or collaborating with other teams to mitigate the impact to the security operations.
• Provide post-troubleshoot and post-maintenance reports and lessons learned to improve cyber engineering efforts.
• Maintain documentation of operational procedures and similar references, including cyber engineering, log onboarding, troubleshooting, architectural designs etc.
• Collaborate with external partners, vendors, government agencies, and private organizations to stay ahead of emerging updates, migrations, changes and configurations to keep the systems effective and up to date.
• Provide input to the strategic designs and architectures regarding cyber defense operations, plans and roadmaps for all engineering functions.
• Provide technical expertise and technology investment recommendations for new technologies and systems.
• Lead and contribute to the planning and execution of projects to build and/or improve threat detection and response capabilities.
• Design and implement automation needs required by cyber defense operations.
• Design and implement dashboards and monitoring needed in Sentinel workbooks.
• Monitor and respond to onboarding requests from internal teams required by compliance/risk purposes.
• Provide support and evidence for requirements for internal/external audit requests.
• On call, off-hours and/or shift work will be required.
• Stay current on the cyber security threat landscape, including the latest attacker tactics, techniques and procedures, and the controls that may serve as effective countermeasures.
• Practice continual improvement for cyber defense practices, and participate in activities to identify improvements, including internal measurement practices, security practice reviews and internal/external audits.

• Training/degree/diploma/certificate in Computer Science, Cyber Security/Engineering or related field.
• A minimum six (6) years in an information/cyber security engineering role.
• SANS SEC511 or SEC530, Microsoft AZ-500 or AZ-305, ISC2 SSCP or similar certification is preferred.
• Extensive experience in Azure logic app design and configurations.
• Extensive experience in Microsoft Sentinel KQL.
• Extensive technical expertise in Azure services and portals such as Defender for Cloud, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps and Defender for IoT, Sentinel, Log Analytic Workspace, Azure monitoring, Data Collection Rules, Azure Entra ID, Azure policies, Enterprise apps and registrations.
• Ability to code in Python.
• Ability to work in a fast-paced environment with minimal guidance and supervision.
• Experience in at least two of the following disciplines in terms of security engineering: threat intelligence, security event correlation (SIEM), security monitoring, threat hunting, security analytics (UEBA), security investigations and security incident response.
• Ability to adapt to constantly changing technical, regulatory, and compliance environments.
• Good verbal and written skills applicable to interactions with all employees including executives.
• Experience working in a banking or financial services environment is an asset.
• Strong technical background in encryption technologies, network communication protocols (SMTP, DNS, HTTP/s and IP), and Azure services (Sentinel, diagnostics, storage accounts and identities).
• Ability to think creatively for solutions to technical problems.
• Experience with NIST CSF, MITRE ATT&CK and Cyber Kill Chain.
• Ability to work independently without direction from supervisors or other managers in projects and technical configurations.
• Ability to manage, deploy and configure Linux systems and troubleshoot issues on Linux systems.