Security Threat/Operations Engineer

Open roles: 2


Responsibilities and Duties

• Provides continuous evaluation of the enterprise threat landscape and of technical threat hunting capabilities.

• Drafts, implements, and refines incident response runbooks and procedures.

• Promotes a broad range of security objectives, such as threat identification, device health, and data and information protection.

• Performs monitoring and analysis of security events on a variety of systems to detect security risks, IOCs, and TTPs.

• Provides support, including network, application, and desktop troubleshooting, for security incidents.

• Supports the incident response process by documenting all actions taken during investigations.

• Collaborates with business and technology leaders to ensure the successful remediation of discovered security weaknesses.

• Assists with reporting on security gaps and security posture.

• Works closely with cross-functional teams to ensure technology implementations follow the policies and procedures defined by this role.

• Acts as on-call contact for security escalations.

• Provides content and alerting suggestions for the enterprise SIEM environment to SOC partners, in alignment with the enterprise threat landscape.

• Validates vulnerability findings for false positives and false negatives, and documents findings for future use.

• Works with the MSSP to tune and build relevant content and alerting structure within the enterprise SIEM, aligned with the client landscape.

• Identifies, contains, mitigates, recovers from, and reports on cyber-security incidents affecting the enterprise.

• Researches the latest threat intelligence, vulnerabilities, exploits, and other relevant threat information and trends on attacks and attack landscapes affecting the healthcare industry.

• Documents work within a security operations ticketing system.



• Bachelor's degree, coursework, or certification in a cybersecurity-related field.

• 3+ years in security and security technology roles.

• One or more certifications, including but not limited to: Security+ (preferred), GIAC GCIH, CEH.

• Strong knowledge of O365 environment security, including Azure, Azure AD, SharePoint, Office, OneDrive, and Teams.

• Email security administration and monitoring experience.

• Technical knowledge of endpoint security technologies, including NGAV, EDR, and MDM.

• Advanced knowledge of the MITRE ATT&CK framework, TTPs, and defense architectures.

• Security and IT metrics experience is a plus.