Lead Cybersecurity Engineer
Chicago, IL – hybrid work from home: 3 days onsite in the loop; 2 days WFH
Summary
The Lead Cybersecurity Engineer is responsible for leading incident response activities, threat detection, security monitoring, and cyber defense initiatives in an enterprise, global environment. We're looking for this person to be hands on leading projects, doing engineering and providing escalated support to serious incidents. We are an Azure shop, leaning into AI, and use Crowdstrike Falcon and Netskope extensively. We're looking for this person to lead efforts related to IDS/IPS, Incident Response, Threat Assessments, SIEM, Endpoint Detection, Firewalls, AI security, etc.
What you'll be doing
· Provide primary support for the network security solutions, including next generation firewalls, web proxies, Cloud Access Security Broker (CASB) technologies and other network security technologies
· Participate in and lead troubleshooting and resolution efforts for wide range of security and network related issues
· Review and triage information security alerts, provide analysis, determine and track remediation, and escalate as appropriate
· Proactively identify and assess security risks and works in advisory capacity for technical teams on mitigation strategies
· Participate as a member of the Information Security Operations Team (SecOps) by responding to information security incidents according to the Incident Response Plan
· Help build skillset of less experienced security personnel through knowledge transfer and mentoring
· Perform review of scheduled information security reports to identify abnormal or potentially suspicious activity within the environment
· Maintain the operational integrity of the Security Operations Center (SOC) through monitoring and periodic testing of critical tools and processes
· Develop working relationships with cross-functional teams from Information Technology, Physical Security, Human Resources, Marketing, Privacy, Legal, and third-party vendors to effectively respond to security incidents
· Document information security incident reports to capture relevant details including approach, root cause, lessons learned, and process improvements
· Contribute to the advancement of the security monitoring program through thought leadership and guidance on tools, technologies, and processes that provide automated and proactive detection and prevention
· Develop and improve process/procedure manuals and documentation related to incident response, threat intelligence, threat detection, and analysis of vulnerabilities
· Propose and generate metrics with emphasis on Security Operation Center (SOC) Key Performance Indicators (KPI). Provide secondary support for the log management and Security Information and Event Monitoring (SIEM) solutions, Multifactor Authentication platform (MFA), Privilege Access Management platform (PAM), and vulnerability management tools
Skills we're seeking
· 7+ years of experience with Cybersecurity Engineering
· Must have strong experience with IPS/IDS, Incident Response, Investigations and Remediation
· Must have experience with Threat Detection, Threat Hunting and Threat Remediation
· Must have experience with CrowdStrike or Netskope, ideally both
· Must have SIEM experience, using tools like Splunk, Sentinel or QRadar
· Must have Endpoint Detection experience (EDR/XDR)
· Must have Firewall experience, ideally with Palo Alto firewalls or Next-Gen Firewall (CGFW)
Nice to haves (in this order)
· Experience with Crowdstrike Falcon
· Experience with Netskope
· Experience with AI Security
· Bachelor's degree or Master's Degree in IT, Cybersecurity or related field
· CISSP or other relevant security certifications like GIAC, GCIH, GCFA, GREM, etc.