DE Jobs


Job Information

Citizens Cyber Defense Principal Security Engineer in Johnston, Rhode Island

Description

The Cyber Defense Principal Security Engineer is a senior individual contributor responsible for developing, maintaining, troubleshooting, tuning, and documenting security tool detections/rules used for detecting cyber-attacks, intrusions, and data loss incidents.

In this role, you will possess an expert level understanding of security use cases and the ability to apply them to event data in support of the Security Operations Center’s (SOC) monitoring and response efforts. The Principal Security Engineer will work across multiple technology platforms, including specific responsibilities for supporting Cisco Firepower and Palo Alto IDS/IPS policies and rules, and interface with other groups at the bank within Enterprise Technology & Security.

Primary responsibilities include to:

  • Develop and maintain IDS/IPS policies and rules for Cisco Firepower and Palo Alto systems: Regularly review and update IDS/IPS policies and rules to ensure they are current and effective. Develop new detection rules based on emerging threats and intelligence.

  • Tune IDS/IPS systems: Continuously optimize IDS/IPS configurations to minimize false positives and enhance detection accuracy. Conduct regular performance assessments and make necessary adjustments.

  • Develop detections for SIEM and other SOC tools: Implement security use cases and transform them into correlation queries, templates, rules, and alerts across multiple cloud environments and on-premises technologies.

  • Create technical documentation for deployed content: Document IDS/IPS configurations, tuning procedures, and any changes made to policies and rules. Ensure documentation is up-to-date and accessible to the team.

  • Monitor the health and performance of security tools: Ensure that IDS/IPS are functioning properly. Address any performance issues and coordinate with teams/vendors for support if necessary.

  • Integrate cyber threat intelligence into defensive systems: Enhance IDS/IPS capabilities by integrating relevant threat intelligence feeds and indicators of compromise (IOCs).

  • Develop reports, dashboards, workflows, and metrics: Create and maintain reports and dashboards that provide visibility into IDS/IPS activity and effectiveness.

  • Collaborate on SIEM functional requirements: Work with the SIEM team to ensure effective logging, event collection, normalization, correlation, reporting, and customization that supports IDS/IPS data.

  • Support the Security Engineering team with SOC-related technical issues and incidents. Assist in resolving complex technical issues related to IDS/IPS systems.

  • Mentor and train other members of the Cyber Detection Engineering team: Provide guidance and training to junior team members on IDS/IPS best practices, rule creation, and tuning.

  • Support detection creation and tuning efforts 24x7 as needed: Be available to address critical IDS/IPS issues and incidents outside of regular business hours when necessary.

Required Skills/Experience:

  • Excellent understanding of Cybersecurity Operations and Incident Response processes.

  • Expert level knowledge of IDS/IPS technologies (Cisco Firepower, Palo Alto, etc.)

  • Expert level knowledge of detection creation/tuning concepts and best practices.

  • Experience working with cloud computing platforms such as Amazon Web Services, Azure, etc.

  • Deep understanding of events, related fields in log records, and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, HIDS/HIPS, WAFs, firewalls, and web proxies.

  • Solid understanding of various operating systems (Windows, Unix, Linux, AIX, etc.).

  • Advanced ability to develop regular expressions.

  • Advanced ability to automate tasks using a preferred scripting language, and to write IDS signatures (e.g. Snort rules).

  • Excellent oral and written communications skills.

  • Strong analytical skills.

  • Self-motivation with the ability to work under minimal supervision.

Preferred Skills/Experience:

  • 7 years of proven hands-on experience in IDS/IPS concepts.

  • Experience with SOC technologies such as SIEM, EDR, anti-virus, network-based threat detection, and netflow.

  • Strong understanding of enterprise logging standards.

  • Understanding of cyber kill chains and campaign strategies such as MITRE ATT&CK.

  • Ability to interact with common APIs.

  • Proven successful working relationships with teams outside of Cybersecurity.

Education, Certifications and/or Other Professional Credentials:

  • Bachelor’s Degree (Security / IT Related) or equivalent combination of experience

  • A combination of relevant industry certifications including, but not limited to CISSP, GREM, GCIH, GCIA, CEH, GCED, CISA, etc.

Hours & Work Schedule

Hours per Week: 40

Work Schedule: Monday through Friday, 8:30am – 5:00pm

Pay Transparency:

The salary range for this position is $127,520 - $150,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.


Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

At Citizens we value diversity, equity and inclusion, and treat everyone with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.

Equal Employment and Opportunity Employer

Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.

Why Work for Us

At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.

Background Check

Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.

10/04/2024

DirectEmployers