UltraViolet Cyber · 19 hours ago
Security Tools Engineer
UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. They are seeking an experienced Security Engineer responsible for administering, configuring, and maintaining enterprise cybersecurity tools and infrastructure to protect the organization's digital assets.
Computer · Information Technology · Network Security
Responsibilities
Administer and maintain digital forensics platforms including FTK (Forensic Toolkit), Magnet AXIOM Cyber, FRED (Forensic Recovery of Evidence Device) systems, and related forensic investigation tools. Ensure platforms are properly licensed, updated, and available for incident response and investigation activities
Manage and configure Cortex XSOAR (Security Orchestration, Automation and Response) platform including playbook development, integration configuration, incident automation workflows, and custom script development to enhance security operations efficiency
Administer ExtraHop network detection and response (NDR) platform including sensor deployment, traffic analysis configuration, detection rule tuning, dashboard creation, and integration with SIEM and other security tools for comprehensive network visibility
Apply configuration changes across other security infrastructure platforms ensuring changes are properly tested, documented, and implemented following change management procedures. Maintain configuration baselines and version control for all security tools
Perform application-level patching and updates for security tools and platforms, coordinating maintenance windows, testing patches in non-production environments, and ensuring minimal disruption to security operations during update cycles
Assist in the deployment of new security systems and capabilities including requirements gathering, solution design, hardware/software installation, integration with existing infrastructure, testing, and knowledge transfer to operations teams
Monitor performance and health of security infrastructure using built-in monitoring tools, log analysis, and alerting mechanisms. Proactively identify and resolve performance bottlenecks, capacity issues, and potential system failures
Provide technical support to security analysts and incident responders using security tools, troubleshooting tool-related issues, optimizing queries and workflows, and delivering training on tool capabilities and best practices
Develop and maintain comprehensive technical documentation including standard operating procedures (SOPs), runbooks, configuration guides, architecture diagrams, troubleshooting guides, and system inventory records for all security infrastructure
Manage integrations between security tools and platforms using APIs, webhooks, and connectors to enable data sharing, automated workflows, and unified security operations. Troubleshoot integration issues and optimize data flows
Administer SIEM (Security Information and Event Management) platforms such as Splunk or similar tools including log source onboarding, parsing rule creation, correlation rule development, dashboard creation, and search optimization
Maintain and update forensic workstations (FRED systems) including hardware maintenance, software updates, peripheral device management, and ensuring write-blockers and forensic acquisition tools are properly calibrated and functioning
Qualifications
Required
Must be a U.S. citizen and be able to earn a government security clearance
Minimum of 6 years of experience in cybersecurity, security engineering, security operations, or related technical roles, with hands-on experience administering and configuring enterprise security tools and infrastructure
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Computer Engineering, or related technical field. Equivalent experience may be considered
Experience with digital forensics platforms such as FTK (Forensic Toolkit), Magnet AXIOM Cyber, EnCase, or similar tools. Understanding of forensic investigation processes and evidence handling procedures
Experience administering security orchestration and automation platforms (SOAR) such as Cortex XSOAR, Splunk SOAR, Swimlane, or similar tools. Ability to develop and maintain automation playbooks and workflows
Proficiency with network detection and response (NDR) or network traffic analysis tools such as ExtraHop, Darktrace, Corelight, Vectra, or similar platforms. Deep understanding of network protocols and traffic analysis techniques
Strong experience with SIEM platforms (Splunk, LogRhythm, QRadar, ArcSight, Sentinel) including administration, log source management, correlation rule development, and search optimization
Solid understanding of operating systems (Windows, Linux) including system administration, hardening, patching, and troubleshooting in enterprise environments
Proficiency with scripting and automation languages such as Python, PowerShell, Bash, or similar for tool automation, integration development, and operational efficiency improvements
Excellent troubleshooting and problem-solving skills with ability to diagnose complex technical issues across multiple platforms and work under pressure during incident response situations
Effective communication skills with ability to collaborate with cross-functional teams, explain technical concepts to non-technical audiences, and work effectively in team environments
Preferred
Prior experience working in federal government environments
Professional cybersecurity certifications such as CompTIA Security+, GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), GIAC Security Essentials (GSEC), or Certified Information Systems Security Professional (CISSP)
Experience with endpoint detection and response (EDR) platforms such as CrowdStrike Falcon, Carbon Black, SentinelOne, Microsoft Defender for Endpoint, or similar tools
Experience with vulnerability management platforms such as Tenable Nessus, Qualys, Rapid7 InsightVM, or similar tools including scanner deployment, scan configuration, and vulnerability remediation tracking
Understanding of malware analysis tools and techniques including sandboxing technologies, reverse engineering tools, and dynamic/static analysis platforms
Experience working in Security Operations Centers (SOC) or incident response teams with understanding of security operations workflows, incident handling procedures, and escalation processes
Knowledge of infrastructure as code (IaC) and configuration management tools such as Terraform, Ansible, Puppet, or Chef for automating security infrastructure deployment and configuration
Benefits
401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed
Medical, Dental, and Vision insurance (available on the 1st day of the month following your first day of employment)
Group Term Life, Short-Term Disability, and Long-Term Disability
Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness
Participation in the Discretionary Time Off (DTO) Program
11 Paid Holidays Annually
Company
UltraViolet Cyber
UltraViolet Cyber is a platform-enabled unified security operations firm that offers a full range of security operations solutions.
Funding
Current Stage
Late Stage
Recent News
The Business Journals
2024-01-27
Company data provided by crunchbase