Job Description:
Pacific Life is investing in bright, agile and diverse talent to contribute to our mission of innovating our business and creating a superior customer experience. We’re actively seeking a talented Senior Security Operations Engineer to join our Security Monitoring team in Newport Beach, CA. This role can be on-site or remote.
Responsibilities:
Lead technical investigation of security events and incidents.
Serve as an escalation point for security analysts and provide in-depth analysis of events and incidents.
Assist with the expansion of new SOC capabilities such as adversary simulation/purple team, XDR, etc.
Drive process improvement initiatives to increase SOC maturity.
Assist and provide backup support for security operations capabilities including Cyber Threat Intelligence, Adversary Hunt, and Detection Engineering.
Provide guidance and mentorship to other SOC staff.
Serve as a subject matter expert for discussions relating to your areas of expertise.
Help align security operations functions with the organization’s overall business objectives.
Support department efforts to improve service delivery to our customers.
Factors for Success:
8+ years of experience in Information Security.
2+ years of experience working as a Tier 2+ analyst in a SOC.
Understanding of current attack tools, tactics, procedures, and how to detect and/or mitigate them.
Knowledge of cyber defense and information security policies, procedures, and regulations.
Knowledge of incident response and handling methodologies.
Knowledge of malware analysis concepts and methodologies.
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks) and of frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
Knowledge of threat actors (e.g., script kiddies, insider threat, non-nation state-sponsored, and nation sponsored). An understanding of threats specific to the financial industry is a benefit.
Skill in preserving evidence integrity according to standard operating procedures or national standards.
Strong understanding of security operations technologies including SIEM and orchestration (SOAR). Splunk and Splunk Enterprise Security experience is a plus.
Ability to work in a fast-paced environment, shifting focus as needed to address high-risk tasks.
Experience extending SOC capabilities into IaaS/Cloud environments (AWS, Azure) would be a plus.
Relevant certifications such as CISSP, GCIH, GCIA, GNFA, GCFA, GCFE, GSOC, GMON, GSE or equivalent experience and skills.
The ability to communicate effectively to both technical and non-technical staff at all levels of the organization.
Newport Beach, CA
Pacific Life Insurance Company is an American insurance company providing life insurance products, annuities, and mutual funds, and offers a variety of investment products and services to individuals, businesses, and pension plans. Pacific Life also counts more than half of the 100 largest U.S. companies as clients. They currently have over 15,600 agents licensed to sell insurance, just in the state of California.
We are a strong and stable company that has been helping clients achieve their life goals for more than 150 years. That power, captured in our brand icon—the humpback whale—is at the core of our brand. Strength, performance, and protection.