[Remote] Senior Cyber Security Engineer

Note: The job is a remote job and is open to candidates in USA. Stack AV is developing revolutionary AI and advanced autonomous systems for the trucking transportation industry. The Cyber Security Engineer role involves securing Stack AV’s environment, developing threat detection capabilities, and leading security investigations and incident response efforts.

Responsibilities

• Develop new cyber detections for threats and other uses cases using our SIEM and other security tooling
• Develop automated processes for triaging security incidents and incident response in general
• Assesses software and service requests from within the organization
• Deploy and develop solutions to better secure Stack AV’s infrastructure, data, and people
• Conduct and/or arrange vulnerability and other security assessments on Stack’s infrastructure
• Respond to security incidents and drive the effort to mitigate and/or remediate findings

Skills

• Experience working with and managing Security Information and Event Management (SIEM) tools such as Splunk, Sumo Logic, Elastic, etc
• Threat hunting experience endpoint, network, DNS, email, EDR, and audit logs, as well as netflow and packet captures
• Experience working with and managing utilizing Endpoint Detection and Response (EDR) tools such as Crowdstrike, Sentinel One, Microsoft Defender, etc
• Thorough understanding of MacOS, Linux, and Windows hardening and security best practices
• Experience creating threat and DLP signatures for network, endpoint, email, and cloud/SaaS security solutions to identify potential attacks, exploits, or data exfiltration attempts
• Extensive experience developing and automating incident response policies
• Experience delivering complex projects, including coordinating and driving issues to resolution utilizing excellent technical troubleshooting skills
• A drive to learn and work with industry leading technologies
• An understanding of network orchestration and automation with Python, Ansible, and Terraform. Any experience automating security operations tasks or using SOAR platforms is a plus
• Experience with DevSecOps practices, including securing containerization technologies (Kubernetes, Docker, etc), artifact repositories (Artifactory, CodeArtifact, etc), and CI/CD or version control systems (GitHub, GitLab, etc)
• Experience working with Security Access Service Edge (SASE) solutions such as Zscaler, Prisma Access, Netskope, etc
• Thorough understanding of email security and best practices. Experience working with Secure Email Gateways (SEGs), Mail Transfer Agents (MTAs), and end user training solutions like Knowbe4 is highly desirable
• Experience with both traditional DLP and Cloud Access Security Broker (CASB) solutions, especially developing data classification policies, signature detection, and response runbooks
• Extensive experience with network security tooling and practices such as layer 7 firewalls and Unified Threat Management (UTM) solutions, Intrusion Detection and Prevention Systems (IDS/IPS), malware sandboxing, Network Detection and Response (NDR) solutions, netflow and telemetry aggregation, systems, microsegmentation, web application firewalls (WAFs), load balancers, network taps, DNS security solutions, etc
• Thorough knowledge of Public Key Infrastructure (PKI), certificate lifecycle management, 802.1x implementation, mTLS, etc
• Experience with Google Workspace, especially developing Trust Rules to secure and control sensitive data and enhancing DLP capabilities
• Experience with developing information security architectures and securing complex infrastructure environments
• Work with Stack's highly technical software and hardware engineering teams to understand their goals, and deploy tools and solutions to get the data accessible to them for development

Company Overview