Security Engineer
Millennium Management
The successful candidate will be a subject matter expert with hands-on experience in a wide range of information security technologies, tools and methodologies. The candidate should be a Security Engineer with an understanding of, and experience with, SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), and network security. As a Security Engineer, you will play a critical role in developing, implementing, and maintaining our organization's security infrastructure to ensure the protection and integrity of our systems and data. You will collaborate with various teams to identify and mitigate security risks, as well as develop robust incident response processes.
The team fosters a collaborative environment and is building a best-in-class program to partner with the business to protect the Firm's information and computer systems. Millennium is a complex and robust technical environment, and securing the Firm from external and internal threats is a top priority.
Principal Responsibilities
- Demonstrate a clear understanding of current risks and threats to network infrastructure and perimeter.
- Develop, implement, and maintain comprehensive security policies, procedures, and guidelines pertaining to SIEM, SOAR, and network security.
- Manage and analyze security logs, alerts, and events from multiple systems to proactively identify potential threats and vulnerabilities.
- Provide security consulting and engineering support to the Security Operations Infosec team.
- Implement automation measures to enhance perimeter security technologies, addressing vulnerabilities, identifying gaps, and creating alerts and reports.
- Collaborate with key stakeholders, including Technology organization, Trading units, Legal, Internal Audit, and Compliance, to establish and enforce security policies.
- Offer guidance and support to other IT and security teams, assisting them with security-related concerns.
- Stay up to date with the latest security threats, vulnerabilities, and industry best practices, ensuring proactive identification and mitigation of emerging risks.
- Utilize collected intelligence to enhance Millennium's defense and response capabilities against future attacks or intrusions.
- Conduct periodic and on-demand system audits and vulnerability assessments to detect and address security vulnerabilities.
- Manage remediation efforts for identified gaps reported in audits, penetration tests, or recommended process improvements.
- Support the smooth transition from Engineering to Production and provide mentorship to junior-level security professionals.
- Develop and maintain comprehensive documentation of security products, including tools, technologies, and processes.
- Participate in Information Security Incident Response activities for the Firm's environment.
Qualifications/Skills Required
- Bachelor's degree in Computer Science or Engineering preferred. 3+ years' experience working in a technical role, with a minimum of 2+ years' experience focusing on network and information security in the financial industry (preferred).
- Proven experience as a Security Engineer, with a focus on SIEM and SOAR.
- Hands-on network security experience with some of the following: firewall configuration management and auditing (RedSeal, FireMon), next-generation firewalls (Palo Alto and Cisco), intrusion detection/prevention platforms (Sourcefire, Palo Alto), network detection and response (ExtraHop, Darktrace, Zeek), and network access control (Cisco ISE, Forescout).
- Strong knowledge of TCP/IP and other infrastructure such as DNS, Wi-Fi, virtualization, and others.
- Experience with network sniffers and packet capture tools (tcpdump, Wireshark, ngrep) for packet analysis and troubleshooting.
- Knowledge of cloud services (AWS, GCP or Azure).
- Development and scripting skills required (Python, Perl, shell scripting, other).
- Proxy engineering experience with a proven understanding of proxy technologies.
- SIEM (QRadar, Splunk, ELK) and SOAR platform experience.
- At least one security certification preferred. (CISSP, GCIA, CISM, etc.)