Why Join Us?
As the world's leading vendor of Cyber Security, facing the most sophisticated threats and attacks, we've assembled a global team of the most driven, creative, and innovative people. At Check Point, our employees are redefining the security landscape by meeting our customers' real-time needs and providing our cutting-edge technologies and services to an ever-growing customer base.
Check Point Software Technologies has been honored by Time Magazine as one of the World's Best Companies for 2024. We've also earned a spot on the Forbes list of the World's Best Places to Work for five consecutive years and been recognized as one of the World's Top Female-Friendly Companies. If you're passionate about making the world a safer place and want to be part of an award-winning company culture, we invite you to join us.
As the IGS XDR Engineer within our Infinity Global Services (IGS) Managed eXtended Detection and Response (MXDR) Team at Check Point, you will assume a pivotal role in safeguarding our customers' digital assets, sensitive data, and critical systems against cyber threats and attacks. Leveraging your expertise in vulnerability identification, robust security implementation, and incident response, you will significantly enhance our customers' overall security posture. Collaborating closely with cross-functional teams, you will assess risks, formulate effective security strategies, and ensure adherence to industry standards and regulatory requirements.
Your strong technical acumen and analytical mindset will be instrumental in the prompt detection and mitigation of security breaches, as well as the proactive anticipation and mitigation of potential threats.
Staying at the forefront of emerging cyber threats and trends, you will bolster the customer's defenses, maintaining a resilient and secure IT environment. This role is ideal for a self-driven professional who is passionate about cloud security, well-versed in major public cloud platforms, and adept at utilizing state-of-the-art tools to monitor security across cutting-edge offerings. By directly supporting top-tier companies across the United States, you will be at the forefront of cybersecurity innovation and excellence.
Key Responsibilities
- Collaborate closely with DevOps and product teams to deliver security monitoring services to multiple clients.
- Perform vigilant monitoring across various security dimensions, including intrusion detection, file integrity, endpoint protection, log management, and SIEM solutions.
- Leverage expertise in cutting-edge XDR solutions, such as Microsoft Sentinel, Microsoft Defender for Endpoint, Check Point Harmony Endpoint, and other EDR solutions.
- Navigate cloud environments, particularly Azure, to ensure comprehensive security coverage.
- Skillfully analyze security events using log data and open-source intelligence to distinguish between legitimate and false-positive incidents.
- Maintain meticulous records of security monitoring activities through efficient case management and ticketing technologies.
- Contribute to the development, implementation, and maintenance of environment-specific rules, alerts, and dashboards within SIEM tools using custom queries.
- Collaborate with clients to tailor and configure SIEM tools, aligning them with specific security and compliance requirements.
- Effectively communicate security alerts to team members and clients regarding anomalies within the environment.
- Apply technical writing prowess to craft formal documentation, including analytical reports and briefings.
- Create and uphold a repository of standard operating procedures, technical documents, training materials, and troubleshooting guidelines for various security solutions.
- Participate in on-call rotations to provide support beyond regular business hours, catering to client operational needs.
- Conduct comprehensive data reviews to evaluate the efficacy of existing security and operational measures.
- Assist in the administration and maintenance of SIEM, Log Management, and Data Analytical Platforms.
- Address customer-initiated requests, such as Log Source configuration, Data Parsing, Use Case Development, and the resolution of complex issues related to managed security services.
- Innovate by developing technical solutions that automate repetitive tasks, enhancing operational efficiency.
- Provide leadership, guidance, and instruction to SOC analysts, fostering a collaborative team environment.
- Manage ticketing processes, including ticket creation, follow-up, and resolution, ensuring timely customer support.
- Employ a combination of tools and analytical skills to investigate and identify the root causes of issues across various technologies.
- Proactively monitor and provide near-real-time updates on the cyber security status, facilitating swift responses to emerging threats and incidents.
What are we looking for?
- Upbeat and positive attitude
- Strong analytical and troubleshooting skills
- Excellent written and verbal communication skills
- Team player
- Prior experience performing as a SOC Analyst
- Working knowledge of SIEM solutions and incident management solutions
- Technical understanding of core cybersecurity technologies as well as emerging capabilities.
- Inquisitive, problem-solving oriented
- 5+ years of prior relevant experience.
Qualifications
Preferred:
- Experience:
- SOC: 5+ years (Preferred)
- Cybersecurity: 8+ years (Preferred)
- SIEM: 5+ years (Preferred) (Splunk or Sentinel)
- Vulnerability Management
- Malware Analysis
- Threat Hunting
- Programming/Scripting in one language (PowerShell / Python / Bash)
Required:
- 5+ years of recent cybersecurity experience
- Two Cyber Security Certifications or one Advanced Certification (CISM, CISSP, SecurityX, Microsoft SC-200 and/or SC-100, Security+, CySA+, CEH, etc)
- Prior SIEM experience
- Tuning
- Alert triage
- Detection Engineering
- Incident Response
- Working knowledge of Operating Systems
- Fundamental Networking knowledge
Nice to haves:
- Advanced certifications in the field of cybersecurity, such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), will be highly regarded.
- Familiarity with threat hunting techniques and the ability to proactively seek out security threats and vulnerabilities.
- Experience with threat modeling and risk assessment methodologies to enhance security strategies.
- Proficiency in scripting or programming languages, such as Python or PowerShell, for automation and customization of security solutions.
- Knowledge of container security, Kubernetes, and cloud-native security best practices.
- Familiarity with security orchestration and automation tools.
- Understanding of identity and access management (IAM) principles and technologies.
- Experience with network security monitoring tools and protocols, including Snort, Suricata, and Bro/Zeek.
- Active involvement in cybersecurity community activities, such as presenting at conferences, contributing to open-source projects, or participating in Capture The Flag (CTF) competitions.
- Strong analytical and problem-solving skills, with the ability to analyze complex security issues and propose effective solutions.
- Knowledge of emerging cybersecurity trends, threats, and mitigation strategies to stay ahead of evolving risks.
- Excellent interpersonal and communication skills, including the ability to convey technical information to non-technical stakeholders effectively.
- Must be eligible to work in the US without sponsorship from an employer now or in the future.
EOE M/F/Veterans/Disabled