The 'New' Fox Corporation Information Security team drives security initiatives across all of Fox's US-based businesses, including Fox Broadcasting Corporation, Fox Sports (FS1 & FS2), Fox Business and Fox News. Fox is one of the nation's largest broadcast groups and premier sports brands. The newly formed Fox Corporation is heavily focused on producing high-quality live events and high-volume direct-to-consumer digital distribution.
Are you ready to join a more agile company ready to rapidly innovate and build new systems? Fox has an innovative security operations program and is looking for a Staff Security Operations Engineer to support and elevate our detection, response, investigation and threat hunting capabilities. Our world-class operations program does not just talk about reducing noise, we did it! Fox has a tierless SOC and the only analyst seats are top tier. We don't just automate to enrich tickets with data, we automate highly complex detection playbooks and arm our team with tools for every mitigation workflow (and give them the power to use them!).
This engineering role will be responsible for all of the technology that empowers the Security Operations program: both supporting the existing technology and leading the deployment of new technologies to enhance the overall security capabilities of the SOC, the information security team and the whole company (Enterprise and Broadcast). This role is highly technical, requires hands-on proficiency with all the technology in a Security Operations Center, and requires a solid understanding of security principles and how to apply them to enterprise environments.
We are interested in someone who is willing to challenge the status quo. We believe automation is king – as mentioned, we use it not only to simply enrich our data, but we use it to undertake complex detection workflows, perform remediation tasks and perform tasks at a scale that would otherwise be impossible. How can we apply threat modeling to daily security operations? What open source technology is available that can be applied as part of our toolset? What gaps could we have in detections; not just today, but in 1 year from now? Bring it all to the table.
We are interested in someone who is passionate about cyber operations; who will never stop learning about the latest threats and their defenses; who has a curious itch and will constantly discover different attack patterns, test hypotheses over real data sets, and ultimately create detection, investigative, mitigation and preventive services.
ABOUT THE ROLE
Reporting to the Vice President of Cybersecurity Operations, the Staff Security Operations Engineer role will own all technology stacks in the security operations program. This role will work closely with the SecOps leadership to develop the strategies to enhance our program's capabilities. They will not only be the master operator of each technology, but also be the supporting system administrator of these technologies and their underlying infrastructure. They will be responsible for their initial deployment, architecture and tuning, as well as support the maintenance and entire lifecycle of these technology stacks.
This Staff SecOps Engineer will also build and develop custom services and platforms, such as automation scripts or microservices to augment our custom SOAR. They will tune detection systems; enhance detection policies; use adversarial models / TTPs (Tools, Techniques & Procedures) and threat intelligence to build the latest/greatest detections; identify gaps in detection platforms and either work with vendors to improve the technology, bring in new technology, or build custom, in-house solutions; build deception ecosystems (breadcrumbs to trap servers); as well as identify required data sources, and architect/engineer pipelines to get the data needed to make any/all detections.
This role is highly technical and is for doers, not for advisors or overseers. This role is not for the development of specifications or guidance, but rather is responsible for implementing the technology (hands on keyboard).
A SNAPSHOT OF YOUR RESPONSIBILITIES
• Lead operator and administrator of the entire security operations technology stack, ensuring optimal architecture, deployment, configuration, tuning, maintenance and operation of: detection platforms, alerting/paging, mitigation services, SIEM, data pipelines, SOAR, automation services, etc. Experience in a large enterprise is paramount, as operating at scale is one of the most challenging aspects of our program.
• Build, deploy, configure, set policy and tune platforms to increase detection capabilities, scope and fidelity, as well as eliminate noise: EDR/IDS/IPS, email defenses, NDR/Network, Active Directory defenses, SIEM, WAF, SOAR, Threat Intelligence Platforms, DLP, Deception platforms, Cloud protection (CSPM/CWPP), etc.
• Architect and design SecOps systems, processes, infrastructure and technology. Evaluate cutting-edge security technologies, work with proof-of-concepts and drive them towards adoption. Identify, design, architect, vet/test and deploy technologies, and then operate and administer them throughout their entire lifecycle.
• Apply knowledge of monitoring, analyzing, detecting and responding to cyber events to develop clever, efficient detections for all types of threats and to weaponize our threat hunting capabilities.
• Build and develop (script/code) custom services/platforms, such as automation scripts or microservices, to augment our custom SOAR or other workflows
• Develop and implement strategies to secure and monitor new technologies when adopted by Fox
• Identify gaps in processes or tooling and implement actionable improvements in technology or processes
• Work with SecOps leadership to set strategies and priorities to increase our capabilities and prepare the company to rapidly detect, protect, and mitigate potential security incidents; and then implement the technology required to achieve these goals. This includes enhancing our detection and investigation capabilities with threat correlations and intelligence; integrating situational awareness of system intrusions; enhancing ticket data; and automating mitigation of threats.
• Administration of SIEM (Splunk, Sumo) and data pipelines (forwarders, data lakes, Cribl), including both detection/dashboards, as well as platform efficacy and operational optimization.
• Build and maintain Threat Intelligence Platforms: develop and maintain a threat intelligence system to ingest IOC data from multiple external threat intelligence feeds (STIX, TAXII). Monitor and maintain a MISP installation and its indicator ingestion, and evaluate new threat feeds for MISP.
• Own the deployment of deception technology (e.g. honeypots, honey hashes) across both enterprise and cloud environments. This includes planting breadcrumbs on endpoints/services, and then laying trap servers/services.
• Work with Enterprise teams to develop architecture that fuses defenses and detections together to increase the effectiveness of detections. This includes not only endpoints and email, but networks, Active Directory, cloud (e.g. IAM), Access/Authentication/Authorization, Zero Trust, jumphosts/bastions, firewalls, etc.
• Identify the data sources required, and then architect/engineer pipelines to get the data needed to make any/all detections.
• Apply knowledge of monitoring, analyzing, detecting and res
Jobcode: Reference SBJ-rz23nq-44-197-111-121-42 in your application.