The Cybersecurity Solutions Engineer is a role within the Liberty Mutual Cybersecurity Operations Center responsible for building and implementing new capabilities for cyber threat hunting, monitoring and identification of anomalous activity for the Cyber Security Operations Center. Conduct threat monitoring and hunting while utilizing cyber threat intelligence to expand capabilities beyond SIEM detections. Utilize threat data to conduct investigations which may result in security incidents. The role includes mentoring Senior CSOC engineers through incident response consultation or through incident escalation. This is a critical front-line cyber security role responsible for protecting Liberty Mutual's assets, networks, and systems from cyber threats.
Perform threat hunting and risk assessments, conduct incident handling tasks based on daily process and/or procedure.
Identify potential security control gaps in an enterprise environment and provide solutions to mitigate compromise. Review threat intelligence to ensure enterprise is prepared to defend attacks.
Complete threat assessments to properly scope organizational wide incidents.
Conduct threat hunting across the enterprise network to discover indicators of a network breach or system compromise.
Comprehensive knowledge of Firewall, IDPS and WAF logs, with the ability to hunt for threats across the perimeter and across cloud environments.
Incorporate cyber threat intelligence to enhance hunting capabilities.
Investigate alerts generated by network security controls to prevent data loss and maintain the integrity of corporate information.
Participate in Financial sector and Information Security communities to share and consume intelligence to further enhance discovery capabilities.
Analyze files and binaries for indicators of malicious capabilities resulting in reporting on findings which can be used for retrospective or future detection.
Provide mentoring to Senior Cybersecurity Engineers on the processes of advanced information security investigation, threat hunting and incident procedures.
Develop applications or scripting for forensic and incident response analysis.
Deep understanding of key business initiatives; identifies improvements that address highly complex functional and technical gaps within a single business process.
Provides consultation on highly complex technology to address security gaps which enable business processes.
Ability to lead projects and enhance technology capabilities which support long-term strategies.
Works closely with Security Architects team to drive adaptation of security standards across the organization.
Ability to influence change to security posture through data-driven analysis.
Required 24×7 on-call participation per on-call rotation.
Apply continuous iteration to current processes and monitoring based on lessons learned.
Primary Location: Remote
Additional Locations: Indianapolis, IN; Boston, MA; Dover, NH; Portsmouth, NH; Plano, TX; Seattle, WA