Citrin Cooperman offers a dynamic work environment, fostering professional growth and collaboration. They are seeking a Senior Security Engineer to join their Information Security team, responsible for protecting digital assets through the management of security technologies and leading incident response efforts.
Responsibilities:
- Deploy and manage EDR solutions across enterprise endpoints including workstations, servers, and mobile devices
- Configure detection rules and automated response actions to identify malware, suspicious behaviors, and advanced persistent threats
- Conduct proactive threat hunting to identify compromised systems and hidden threats
- Maintain agent deployment coverage and optimize EDR performance across all critical assets
- Administer SIEM platform including log source onboarding, parsing, and correlation rule development
- Design use cases and correlation rules to detect security incidents and policy violations
- Monitor and triage security alerts to determine severity, scope, and impact
- Create dashboards and reports for security metrics, compliance, and executive visibility
- Integrate threat intelligence feeds to enhance detection capabilities
- Serve as escalation point for security incidents following established procedures
- Perform digital forensics and investigation including log analysis, memory analysis, and disk forensics
- Coordinate incident response across IT, legal, HR, and executive stakeholders
- Document incidents thoroughly, including timelines, indicators of compromise, and remediation actions
- Develop and maintain incident response playbooks for common attack scenarios
- Participate in tabletop exercises and conduct post-incident reviews to improve security posture
- Establish and maintain a continuous vulnerability management program
- Deploy and manage vulnerability scanning tools across network, systems, applications, and cloud infrastructure
- Analyze vulnerability scan results and prioritize remediation based on risk, exploitability, and business impact
- Work with system owners and IT teams to develop remediation plans and track vulnerability closure
- Monitor threat intelligence sources for emerging threats, exploit activity, and vulnerabilities affecting the organization
- Conduct risk assessments for newly discovered vulnerabilities and provide guidance on compensating controls
- Generate vulnerability metrics and reports for management and compliance purposes
- Integrate vulnerability data with SIEM and EDR for enhanced threat correlation
- Perform penetration testing coordination and validate remediation effectiveness
- Maintain vulnerability management policies, procedures, and SLAs
- Participate in 24/7/365 security operations center (SOC) rotation (if applicable) or on-call rotation
- Collaborate with IT operations, development, and business teams on security initiatives
- Mentor junior security analysts and share knowledge across the security team
- Stay current with emerging threats, attack techniques, and security technologies
- Contribute to security awareness training programs by providing real-world incident examples
- Manage email security gateway solutions to detect and block malicious emails, phishing attempts, and spam
- Investigate and respond to reported phishing emails and business email compromise (BEC) attempts
- Analyze email-based threats and implement rules to block malicious senders, domains, and attachment types
- Monitor email security metrics and trends to identify emerging attack patterns
- Work with the security awareness team to shape awareness campaigns and phishing simulations that improve user vigilance
- Implement and manage DLP solutions across email, endpoints, network, and cloud applications
- Create and tune DLP policies to prevent unauthorized data exfiltration while minimizing false positives
- Monitor DLP alerts and investigate potential data leakage incidents
- Classify sensitive data and configure appropriate protection controls based on data classification
- Collaborate with business units to understand data flows and implement appropriate DLP controls
- Generate DLP metrics and reports for compliance and risk management purposes
Requirements:
- Have a bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related technical field
- Equivalent work experience may be considered in lieu of a degree
- 3+ years of hands-on experience in information security operations, SOC, or similar role
- Have demonstrated experience with EDR platforms and endpoint security management
- Have experience conducting incident response investigations and forensic analysis
- Have hands-on experience with vulnerability management and remediation programs
- Have experience with email security solutions and investigating phishing/BEC attacks
- Be familiar with DLP technologies and data protection strategies
- Have a track record of managing security incidents from detection through resolution
- Possess a strong understanding of attack vectors, TTPs, and MITRE ATT&CK framework
- Be proficient in log analysis, correlation, and security event interpretation
- Have experience with EDR platforms (CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black, Cortex XDR)
- Have hands-on experience with SIEM solutions (Splunk, QRadar, Azure Sentinel, LogRhythm, Elastic SIEM)
- Be knowledgeable of vulnerability management tools (Tenable, Qualys, Rapid7)
- Have experience with email security gateways (Proofpoint, Mimecast, Barracuda, Microsoft Defender for Office 365)
- Be familiar with DLP platforms (Symantec DLP, Microsoft Purview, Forcepoint, Digital Guardian)
- Understand network protocols, packet analysis, and network security monitoring
- Have experience with scripting/automation (Python, PowerShell, Bash) for security operations
- Be knowledgeable of cloud security (AWS, Azure, GCP) and hybrid environments
- Understand security frameworks (NIST CSF, CIS Controls, ISO 27001, MITRE ATT&CK)
- Be knowledgeable of compliance requirements (PCI DSS, HIPAA, SOX, GDPR) as applicable
- Possess a strong security-focused mindset with a deep understanding of compliance frameworks
- Work effectively under pressure and adapt to rapidly changing environments
- Be highly analytical, detail-oriented, and self-driven with strong ownership
- Possess excellent verbal and written communication skills
- Possess strong collaboration and interpersonal skills, and consistent follow-through