Security Engineer, Security Operations

The Role

League’s Security Engineering teams are responsible for scaling security in the development lifecycle and managing security incident management. We believe in security by design and follow a paved road philosophy by building or buying tools that we can integrate into our platform to ultimately make it easier for our engineers to do the right thing. As a SecOps Engineer/Analyst you will care deeply about “what goes bump in the night”. You have peers in Security Engineering who care about “build it secure” at League, your role is to ensure both validation and response occurs when inevitable challenges arise. This role will focus on detection, response, tuning, and refinement. Security Engineers and Analysts on our SecOps team take pride in response.

As always, if this is your skillset we encourage you to apply. We also accept and encourage applicants who have existing software engineering experience and want to explore security and applicants who may have done a security program in a post-secondary institution. There are people across the engineering organization who are ready to help grow technical skills and who want to learn more about security.

In this role, you will:

• Know or have a strong desire to learn Terraform and be at the front of the Security as Code movement. You’ll expect to manage multiple tools and configurations in an “as code” way. 
• We have high expectations for repeatability and configurability, you will have similar.
• You’ll be a candidate who sees the manual context of current security insufficient and should be more automation oriented.
• Work with our SIEM tooling (Splunk) to ingest events from our logging complexes and work to build our correlations, alerts, and dashboards.
• Respond to incidents. You’ll be very keen on documentation and forensic details and have a mind toward investigation and escalation.
• Operate as L1 and over time potentially L2 on call. You can expect to carry an on-call rotation.
• Support the running of our security tooling (Wazuh, OSSEC, Falco). You’ll collaborate with our DevSecOps team to ensure the tooling is always running and up to date.
• Tune our security tools. You can work on a team that has primary responsibility for tuning the security tools we run.
• Help build and determine monitoring and automation for threat scenarios. You can identify what can go wrong and what to watch for.
• Maintain and build out our playbooks and operating procedures for event response.
• Work with Senior Security Engineers in assisting to run security tabletop events. Expect to help build and dry run exercises with many diverse roles in our organization.
• Work together with technical individuals in our security, platform, and product functions to drive security into their tools and processes

 About You:

• You have a degree in a security, computer science or software engineering from a reputable post-secondary institution
• You have in-depth experience within Security Operations 
• You have an extensive amount of experience with a SIEM (Splunk, Sumologic, Elastic)
• You are proficient with managing Security tools (Antivirus, Firewalls, Intrusion Detection/Protection Systems, Log analysis)
• You have in-depth experience in incident detection and response (IDR). Your background is blue team or blue team interests.
• You are good at learning infrastructure from an alerting angle.
• You enjoy reading up on the latest security topics.
• You are able or have the desire to learn to write code in Python, Go or similar higher level languages
• You have some Infrastructure as Code (Terraform, Ansible) experience or a strong desire to learn
• You are a collaborator at your core

Nice to have:

• Experience securing cloud infrastructure
• Experience working with GCP / Google Cloud