About The Job
We are seeking a bilingual, experienced and highly skilled Monitoring, Detection and Response Engineer with a strong security operations background to join our team. The ideal candidate will have solid experience in monitoring, detection and response. You will be responsible for monitoring, detecting, analyzing and responding to security events and incidents: detecting suspicious activity; analyzing, classifying and escalating security incidents; integrating log sources and verifying logs; triage; level 1 (L1) incident response; and running security incident management playbooks.
This position is 100% remote in Colombia.
Key Responsibilities
Cyber Monitoring and Detection:
- Implement, maintain and operate security monitoring systems and processes to detect potential security incidents.
- Operate Security Information and Event Management (SIEM) tools, including configuring alerts, use cases, dashboards and reports to identify malicious activity and anomalies.
- Integrate log sources into the SIEM, ensuring high-quality logs and well-defined log fields, with their respective documentation.
- Ensure continuous monitoring of network, system and application logs to detect threats in real time, including anomaly detection techniques.
- Fine-tune detection rules and reduce false positives, ensuring that high-fidelity alerts are generated.
- Report on and document events and incidents.
Security Incident Response
- Participate in the incident response process definition, including preparation, detection, analysis, containment, eradication, recovery and post-incident activities.
- Manage L1 incident response, including detection and analysis, containment, eradication, recovery and post-incident activities.
- Respond to incidents reported by users and other sources.
- Block indicators of compromise (IoCs) in security platforms.
- Coordinate with internal and external stakeholders (IT, legal, communications, etc.) to ensure timely and effective handling of security incidents.
- Execute incident response playbooks, ensuring they are aligned with the industry’s best practices and regulatory requirements.
- Participate in the improvement of monitoring tools and procedures, ensuring they are aligned with organizational goals and risk management strategies.
- Escalate incidents to L2 when necessary.
- Support regular simulations (tabletop exercises, red teaming) to enhance the preparedness of the team and the organization in dealing with potential cyber incidents.
Collaboration & Reporting
- Continuously improve the incident response process.
- Collaborate with cross-functional teams (e.g., IT, development, operations) to ensure the alignment of security practices with internal and external security requirements.
- Support evaluation and selection of third-party vendors or tools for monitoring, detection and incident response, as well as for threat, vulnerability and security infrastructure management.
- Provide regular status reports and metrics on monitoring, detection and incident response activities (incidents, response times, trends, etc.).
- Provide detailed reports on L1 security incidents, including findings, root causes, impact analysis, actions taken and lessons learned.
- Maintain clear and accurate records of security incidents for audit and compliance purposes.
Key Qualifications
Bilingual (English/Spanish), B1/B2 level.
Education
- Bachelor’s degree in computer science. Post-graduate degree in cyber/information security is a plus.
Certifications
- Certifications in incident response, threat hunting and/or security operations (e.g., GCIH, GCFA) are highly desirable.
- CEH and/or technical certifications related to threat intelligence, threat hunting and/or vulnerability management are highly desirable.
Experience
- 3+ years of experience in cybersecurity, with at least 2 years in a monitoring, detection and incident response role.
- Proven experience managing large-scale security incidents and implementing incident response plans.
- Hands-on experience configuring, operating and managing SIEM platforms (Splunk, QRadar, ArcSight, etc.) and other security/monitoring tools (e.g., firewalls, FWaaS, IPS, EDR/NDR/XDR, SWG, ZTNA, CASB, WAF/WAAP).
- Experience in cloud security is a plus (Azure, AWS, Google Cloud, etc.).
Skills & Competencies
- Strong knowledge of security incident management, threat detection, and response methodologies (e.g., NIST, SANS).
- Strong knowledge of network services and protocols, and of security protocols and technologies.
- Communication and presentation skills, with the ability to engage stakeholders.
- Ability to stay current and adapt quickly to new regulations, emerging security trends, tools, and technologies.
- Strong problem-solving and analytical skills, with the ability to manage complex security challenges.
- Ability to remain calm under pressure and effectively manage high-stress situations.