Job Description

Job Title : Security Engineer with Firewall, EDR , SIEM, Email Security

Location: Remote- USA

Mode of Hire: Contract

Job Description:

Adding the specific tools to look for ,

• Firewalls: Sonic Wall, Cisco Meraki
• EDR: Microsoft Defender & XDR
• SIEM: Azure Sentinel
• Email Security: Proofpoint / M365 Security
• VAPT - Tenable Io, Nessus and Rapid 7

Experience: 7 10+ years
Reports To: Security Architecture Lead

Role Summary

We are seeking a highly skilled Senior Security Engineer (Level 3) to design, implement, and optimize our enterprise security controls. This role requires deep technical expertise in firewalls , endpoint detection & response (EDR) , SIEM engineering , and email security platforms . The ideal candidate will act as a technical SME, lead advanced threat analysis, support incident response, and guide junior engineers.

Key Responsibilities:

1. Firewall Engineering & Network Security

• Architect, configure, and maintain enterprise firewalls (Palo Alto / Fortinet / Cisco / Check Point).
• Create, review, and optimize security policies, NAT rules, segmentation, and zero-trust network zones.
• Perform firewall upgrades, log analysis, policy audits, and change management.
• Lead troubleshooting of advanced network security issues (L3/L4/L7).
• Integrate firewall telemetry with SIEM and automation platforms.

2. Endpoint Detection & Response (EDR)

• Serve as SME for EDR platforms (CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black, etc.).
• Tune detection rules, behavioral analytics, and response playbooks.
• Manage EDR deployments, health checks, version upgrades, and agent monitoring.
• Analyze suspicious endpoint activity, malware behavior, lateral movement attempts, and persistence methods.
• Collaborate with IR team for endpoint containment and forensic investigations.

3. SIEM Engineering & Log Analytics

• Own SIEM platform engineering (Splunk / MS Sentinel / QRadar / Elastic).
• Build and tune correlation rules, dashboards, parsers, and automated threat response workflows.
• Onboard new log sources (firewalls, servers, EDR, cloud services, UBA, email gateways).
• Conduct threat hunting using SIEM, UEBA, and network telemetry.
• Improve detection coverage based on MITRE ATT&CK and past incidents.

4. Email Security & Messaging Protection

• Manage secure email gateways (Proofpoint / Mimecast / Microsoft Defender M365).
• Implement DMARC, DKIM, SPF, anti-spam, anti-phishing, URL rewriting, and attachment sandboxing.
• Investigate phishing campaigns, BEC attempts, malware attachments, and credential harvesting.
• Tune policies to reduce false positives and increase threat visibility.

5. Incident Response & Threat Analysis

• Act as L4 escalation for major incidents across endpoints, email, network, and cloud.
• Perform deep-dive analysis including packet captures, log correlation, malware triage, and kill chain mapping.
• Support threat hunting, threat intel integration, and adversary behavior analysis.

6. Security Architecture & Hardening

• Recommend architecture improvements for network segmentation, endpoint hardening, and identity security.
• Perform risk assessments, vulnerability reviews, and security control validation.
• Lead technical evaluations for new security technologies and vendors.
• Contribute to zero-trust architecture planning and implementation.

7. Automation, Integrations & Documentation

• Use scripting (Python, PowerShell, Bash) to automate repetitive tasks and log parsing.
• Integrate security tools with SOAR platforms.
• Create runbooks, design documents, diagrams, and engineering-level documentation.
• Mentor junior security engineers and provide L3/L4 engineering guidance.

Required Qualifications:

• 7 10+ years of experience in security engineering or SOC engineering.
• Advanced experience with:
  • Firewalls: Palo Alto / Fortinet / Cisco / Check Point
  • EDR: CrowdStrike / SentinelOne / Defender
  • SIEM: Splunk / Sentinel / QRadar / Elastic
  • Email Security: Proofpoint / Mimecast / M365 Security
• Strong understanding of TCP/IP, DNS, TLS, VPN, routing, switching, and network protocols.
• Deep knowledge of threat detection, malware analysis fundamentals, and adversary TTPs.
• Experience with MITRE ATT&CK, NIST, CIS controls , and enterprise security frameworks.
• Strong scripting knowledge (Python/PowerShell preferred).
• Experience in cloud environments (AWS / Azure / GCP) preferred.

Preferred Certifications:

• CISSP
• CCSP
• Palo Alto PCNSE or equivalent
• GIAC GCIA / GCIH / GCED / GCFA
• Microsoft SC-200 / SC-300
• CrowdStrike or SentinelOne certifications

Soft Skills:

• Strong analytical and problem-solving mindset.
• Ability to lead high-severity incidents under pressure.
• Excellent communication and documentation skills.
• Ability to mentor and guide junior team members.

Job Tags

Similar Jobs