Senior IT Cyber Security Engineer
Ashley Furniture Industries · Tampa, FL · 1 mo ago
On-siteInformation TechnologyFull-time
Core Responsibilities
- Perform daily security case triage and queue management within a cloud-native SIEM platform, including noise reduction, false positive identification, and exception creation
- Develop and maintain SOAR automation playbooks, including ongoing tuning and deduplication logic
- Monitor and apply SIEM parser updates; review change logs and validate newly introduced data tags to ensure detection integrity
- Standardize and maintain detection rule naming conventions and labeling across the SOC environment
- Review, customize, and manage security playbooks pulled from integrated code repositories; validate code for security concerns prior to deployment
- Build, maintain, and troubleshoot SOC dashboards and underlying queries; produce recurring operational reports for leadership
- Track and report on playbook usage metrics, log ingestion volumes, and establish consumption baselines to support capacity planning
- Perform ongoing exception tuning as the environment evolves, including malware, PUP, and endpoint alert validation using SentinelOne EDR/XDR platform data
- Monitor and triage email-based threats using Abnormal Security; manage detection policies, investigate reported messages, and validate remediation actions
- Monitor threat intelligence platforms and dark web monitoring tooling; maintain and update monitoring coverage to address emerging indicators
- Investigate and respond to account compromise indicators, including anonymous sign-in attempts and credential-based threats; execute account remediation actions via enterprise identity management platforms
- Manage log forwarder infrastructure, including replacement or migration projects in coordination with IT and vendor support teams
- Coordinate with vendor professional services teams as needed to validate and advance SOC tooling initiatives
- Design, implement, and continuously improve security controls across cloud and on-premises environments to reduce risk and strengthen the overall security posture
- Work closely with engineering and infrastructure teams to embed security best practices into system design, platform deployments, and operational workflows
- Evaluate and recommend security tooling, configurations, and architectural patterns in alignment with enterprise standards and risk tolerance
- Support incident response investigations from initial triage through containment, eradication, and post-incident review
- Contribute to the development, review, and maintenance of security policies, standards, and procedures
- Support compliance efforts aligned to established frameworks including NIST CSF and PCI-DSS, including evidence collection, gap assessment, and control documentation
Required Skills & Qualifications
- Strong hands-on experience with cloud-native SIEM and SOAR platforms (e.g., Google SecOps / Chronicle, Splunk, Microsoft Sentinel, or equivalent)
- Experience with SentinelOne EDR/XDR for endpoint threat triage, malware validation, alert investigation, and response actions
- Hands-on experience with Abnormal Security or equivalent AI-driven email security platforms for phishing triage, policy management, and threat remediation
- Proficiency writing and optimizing regular expressions for alert tuning, exception logic, and parser development
- Demonstrated experience with detection engineering and rule tuning methodologies in an enterprise SOC environment
- PRACTICAL experience designing or implementing security controls across hybrid cloud and on-premises environments
- Ability to collaborate effectively with engineering and infrastructure teams to integrate security requirements into technical projects
- Familiarity with incident response processes and experience supporting investigations through the full response lifecycle
- Familiarity with threat intelligence platforms (e.g., Recorded Future, ThreatConnect, or equivalent) and dark web monitoring practices
- Working knowledge of Linux systems administration, including scripting (Bash, Python) and scheduled task management
- Working knowledge of security frameworks such as NIST CSF and PCI-DSS and their application to enterprise security programs
- Strong documentation habits and ability to develop and standardize repeatable operational processes