Remote Cybersecurity Incident Response Engineer @ Jacobs

This job has now closed and is no longer accepting applications.

Archive Job Description

At Jacobs, we’re challenging today to reinvent tomorrow by solving the world’s most critical problems for thriving cities, resilient environments, mission-critical outcomes, operational advancement, scientific discovery and cutting-edge manufacturing, turning abstract ideas into realities that transform the world for good.

Your impact

At Jacobs, we are dedicated to pushing the boundaries of innovation and delivering exceptional solutions to our clients. As a leader in our industry, we recognize the critical importance of synergies between cybersecurity, infrastructure, data, applications, and cloud technologies in today’s digital landscape.

We are looking for a skilled and experienced Cybersecurity Incident Response Engineer with expertise in building rules for Security Operations Centers (SOC), workflows for Security Information and Event Management (SIEM) systems, and capability to perform system administration responsibilities for other cybersecurity systems to join our dynamic team. This role requires a broad understanding of cybersecurity principles, incident response procedures, and the ability to work in a fast-paced environment.

Your Profile will include

Correlation Rule Development:

  • Design, develop, and implement correlation rules within SIEM systems to identify and respond to security events.
  • Continuously refine and optimize correlation rules to reduce false positives and improve detection accuracy.
  • Collaborate with SOC analysts and incident responders to understand threat scenarios and translate them into effective correlation rules.

Log Source Management:

  • Configure and manage log sources to ensure comprehensive and accurate data collection from various security devices, applications, and network infrastructure.
  • Validate the integrity and completeness of log data to support effective monitoring and incident investigation.
  • Work with system owners to onboard new log sources and ensure they are correctly integrated into the SIEM system.

Security Monitoring and Incident Response:

  • Monitor security alerts and events generated by the SIEM system to detect potential security incidents.
  • Assist in the investigation and analysis of security incidents, providing expertise on the interpretation of SIEM data and correlation rules.
  • Collaborate with SOC team members to ensure optimal performance and security.

System Administration:

  • Perform regular maintenance and updates of SIEM, EDR, SOAR and Case Management systems to ensure optimal performance and security.
  • Troubleshoot and resolve issues related to SIEM, EDR, SOAR and Case Management systems, log source integrations and business logic.
  • Maintain documentation of SIEM, EDR, SOAR and Case Management configurations, correlation rules, and log source setups.

Reporting and Compliance:

  • Generate and review reports on security events, incidents, SIEM, EDR, SOAR, and Case Management system performance.

Required Skills and Qualifications

Technical Skills:

  • Proficiency in configuring and managing SIEM, EDR, SOAR, and Case Management Systems (e.g., QRadar, IBM-Resilient, CrowdStrike Falcon)
  • Strong knowledge of security event logging, log management, and log analysis.
  • Experience in scripting languages (e.g., Python, PowerShell) for automating tasks and developing custom scripts for SIEM, EDR, SOAR, and Case Management systems.
  • Endpoint Detection & Response
  • Experience creating, managing, and monitoring Sensor Upgrade policies.
  • Experience creating, managing, and monitoring Prevention policies.
  • Validating and whitelisting false positive detections within the Jacobs environment
  • Manage the hygiene of all endpoints in CrowdStrike to ensure correct versioning and policy assignment.
  • Ability to create workflows using built in SOAR capabilities.

Security Knowledge:

  • In-depth understanding of cybersecurity principles, threat landscapes, and attack vectors.
  • Familiarity with network protocols, operating systems (Windows, Linux, iOS) and common security technologies (firewalls, IDS/IPS, antivirus, etc.)
  • Knowledge of regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS, NIST, MITRE ATT&CK)

Analytical and Problem-Solving Skills:

  • Strong analytical skills to interpret complex log data and develop effective correlation rules.
  • Ability to troubleshoot and resolve technical issues related to SIEM systems and log sources.
  • Attention to detail and a methodical approach to problem-solving.

Communication and Collaboration:

  • Excellent written and verbal communication skills for documenting configurations and reporting incidents.
  • Ability to work collaboratively with SOC analysts, incident responders, and other stakeholders, including technical teams, management, and external partners.
  • Strong organizational skills to manage multiple tasks and projects simultaneously.

Here’s what you’ll need

Education:

Bachelor’s degree in computer science, information technology, or a related field, or an equivalent length of experience in cybersecurity.

Professional Experience:

  • 3-5 years of administration experience specifically in SIEM (QRadar), Endpoint Detection & Response (CrowdStrike Falcon), SOAR & Case Management (IBM-Resilient).
  • 3-5 years of experience in SOC operations or related cybersecurity role.
  • Proven track record of developing and optimizing correlation rules in SIEM systems.
  • Hands-on experience with configuring and managing log sources from various security devices and applications.
  • Demonstrated ability to lead SIEM, EDR, and SOAR implementation projects and coordinate with multiple teams.

Any one of the following certifications is desired:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Ethical Hacker (CEH)
  • GIAC Security Essentials (GSEC)

SIEM-Specific Certifications:

  • IBM Certified Associate Administration – IBM QRadar SIEM
  • IBM Certified Administration – IBM QRadar SIEM

EDR-Specific Certifications:

  • CrowdStrike Certified Falcon Administrator (CCFA)

SOAR-Specific Certifications:

  • IBM Resilient SOAR Foundations Badge
  • IBM Certified SOC Analyst – QRadar SIEM

Jacobs’ health and welfare benefits are designed to invest in you, and in the things you care about. Your health. Your well-being. Your security. Your future. Employees have access to medical, dental, vision, and basic life insurance, a 401(k) plan, and the ability to purchase company stock at a discount. Eligible employees may also enroll in a deferred compensation plan or the Executive Deferral Plan. Jacobs has an unlimited U.S. Personalized Paid Time Off (PPTO) policy for full-time salaried/exempt employees, seven paid holidays, one floating holiday, and caregiver leave. And certain roles may be eligible for additional rewards, including merit increases, performance discretionary bonus, and stock.

The base salary range for this position is $93,800.00 to $146,600.00. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.