Associate Security Operations Engineer

Job Summary

The Associate Security Operations Engineer supports CSBS's security operations by monitoring security tools, triaging alerts, and assisting with incident response and cyber threat hunting activities. This role works under the guidance of senior security staff to help detect, analyze, and respond to potential security events across the enterprise environment. The Associate Security Operations Engineer contributes to maintaining the confidentiality, integrity, and availability of systems by supporting security monitoring platforms, following established playbooks, and escalating issues as appropriate.

Essential Functions

To perform this job successfully, an individual must be able to perform each essential duty and responsibility satisfactorily. Reasonable accommodations may be made to enable individual with disabilities to perform the essential functions. Other duties may be assigned to meet business needs.

• Monitor and support enterprise security tools, including SIEM, EDR, identity platforms, and cloud security solutions, to detect potential threats and anomalous activity.
• Review, triage, and escalate security alerts in accordance with established procedures and playbooks.
• Assist in incident response activities, including investigation, containment, documentation, and post-incident analysis.
• Support cyber threat hunting efforts by analyzing logs, endpoint data, and system activity to identify indicators of compromise or suspicious behavior.
• Support proactive cyber threat hunting and detection engineering efforts to improve overall security posture.
• Assist with the collection and analysis of security event data from multiple sources (endpoints, network, identity, cloud platforms).
• Help maintain and tune detection rules, alerts, and monitoring configurations to improve visibility and reduce false positives.
• Document incidents, findings, and response actions in ticketing and case management systems.
• Collaborate with senior engineers and cross-functional teams to support remediation and recovery efforts.
• Support vulnerability management activities by tracking findings and assisting with remediation follow-up.
• Assist in maintaining and updating security operations playbooks, runbooks, and standard operating procedures.
• Participate in continuous monitoring and operational readiness activities.
• Stay current on emerging threats, attacker techniques, and security best practices.

Additional Responsibilities

• Monitor industry trends for changes in compliance challenges and contribute to organization planning, policy and procedure changes in response.
• Assist in the development and refinement of security detection use cases aligned to threat intelligence and organizational risk.
• Support audit, compliance, and regulatory activities (e.g., NIST CSF, SOC 2, CJIS) by gathering evidence, logs, and documentation.
• Help validate security controls through participation in internal assessments, tabletop exercises, and incident simulations.
• Contribute to continuous improvement of SOC processes, including alert triage workflows and escalation procedures.
• Assist in integrating and onboarding new security tools and log sources into monitoring platforms.
• Support metrics and reporting efforts, including tracking incident trends, response times, and tool effectiveness.
• Participate in knowledge sharing and team training activities to build security operations maturity.
• Maintain awareness of evolving threat landscape, including common attacker tactics, techniques, and procedures (TTPs).

Minimum Qualifications

To perform this job successfully, an individual should possess the knowledge, skills, and abilities listed and meet the amount of education, training and/or work experience required.

Education and Experience

• B.S. degree in Computer Science or equivalent experience.

• Microsoft and Security Certifications are highly desired.
• 1-2 years of experience in cybersecurity, IT operations, system administration, or network support.
• Demonstrated experience in security monitoring, log analysis, or incident response processes is preferred.
• Experience working in cloud environments including AWS is a plus.
• Basic scripting or automation experience (e.g., Python, PowerShell) to automate routine functions is a plus.

Knowledge, Skills and Abilities

• Knowledge of security tools and platforms (e.g., SIEM, EDR, IAM, and network security controls), with familiarity using tools such as CrowdStrike and Okta is a plus.
• Knowledge of Cloud platforms and operations.
• Familiarity with the NIST Cyber Security Framework.
• Foundational understanding of cybersecurity principles, including threat detection, incident response, and vulnerability management.
• Familiarity with common attack vectors and threats such as phishing, malware, and credential compromise.
• Basic knowledge of IT infrastructure, including networking (TCP/IP, DNS), operating systems (Windows/Linux), and cloud environments.
• Understanding of logging, monitoring, and alerting concepts used in security operations.
• Analytical and problem-solving skills with the ability to investigate alerts and identify potential security concerns.
• Ability to triage and prioritize security events based on risk, severity, and business impact.
• Strong attention to detail when reviewing logs, alerts, and system activity.
• Ability to follow established processes, playbooks, and standard operating procedures.
• Effective written and verbal communication skills for documenting incidents, escalating issues, and collaborating with team members.
• Basic technical troubleshooting skills across systems, endpoints, and network components.
• Ability to think critically and distinguish between false positives and legitimate security threats.
• Ability to collaborate with cross-functional teams, including IT, security, and business stakeholders.
• Ability to recognize when to escalate issues and seek guidance appropriately.
• Willingness to continuously learn and adapt to new technologies, tools, and evolving cybersecurity threats.
• Working knowledge of system and network security engineering best practices, operating systems and application auditing.
• Strong written and verbal communication skills.
• Strong planning and task management skills.

Requirements

• Due to the nature of CSBS's business in support of state financial services supervision, all CSBS employees have the potential of interacting with confidential information related to the supervision of financial services companies ("Confidential Supervisory Information"). As a result, in addition to general business conflicts of interest, all CSBS employees are expected to disclose conflicts of interest in financial services companies on at least an annual basis and to proactively avoid such conflicts.
• Protect the confidentiality, integrity, and availability of CSBS information and information systems in accordance with CSBS policies and procedures.

Values Instilled Behaviors for Excellence (VIBE)

At CSBS, work-life balance isn't just a policy; it's our VIBE! We recognize that our team members have lives that deserve attention and care. That's why we create strong, supportive relationships that help everyone grow both professionally and personally. We honor each other's expertise and speak the truth, even when it's a bit awkward. And guess what? This honesty creates a vibe of respect and trust that powers our efficiency and our excellence. It lets us chase those career goals while also nurturing our personal pursuits. At CSBS, you can thrive at work and at home-it's the best of both worlds!

Just like a healthy work-life, collaboration is an essential part of CSBS's mission. In fact, it is the heartbeat of everything we do! We're all about pitching in, giving props to our colleagues, and having each other's backs. This allows us to push ourselves to our maximum potential and embrace those bold risks and innovative solutions. No matter what comes our way, our commitment to communication and teamwork strengthens us. We at CSBS are on mission and on the move, tackling all challenges together!

Working Conditions

• General office.
• Some travel required.

This job description should not be construed to imply that these requirements are the only standards for the position. Incumbents will follow any other instructions and perform any other related duties as may be required. CSBS has the right to revise this job description at any time. CSBS is an "at will" employer and as such, neither this job description nor your signature constitutes any form of contractual arrangement between you and CSBS.