Security Operations Admin | Remote US

United States
Advisory Services – Cloud Services /
Regular Full Time /
About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.  
But that’s not who we are – that’s just what we do. 
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.   
And we’re growing fast. 
We’re looking for a Security Operations Admin to support our Cloud Services team.
This can be a remote position (must be located in the United States).

Position Summary
As a Security Operations Admin at Coalfire within our Cloud Services group, you will be a self-starter, passionate about cloud security, and thrive on problem solving. You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor security for the most cutting edge offerings from Cloud Service Providers (CSPs). This role directly supports leading cloud software companies to provide security of their SaaS product to the largest enterprises and government agencies around the world.

What You'll Do

    • Be a point of escalation for our 24x7x365 security monitoring for multiple clients while working closely with DevOps and product teams
    • Work across a myriad of technology stacks in leading cloud providers like AWS, Azure, and GCP
    • Analyze security events using logs and open-source knowledge to determine legitimate or false positive nature
    • Maintain a record of security monitoring activities via case management and ticketing technologies
    • Execute processes & best practices/procedures for intrusion detection, file integrity, endpoint protection, log management and SIEM solutions
    • Review environment-specific rules, alerts, and dashboards in SIEM tooling via custom queries
    • Support incident response process to address security anomalies in the environment
    • Apply technical writing skills to create formal documentation such as analytical reports and briefings
    • Maintain standard operating procedures and training materials
    • Participate in on-call rotations as needed to support client operational needs that may lay outside of business hours
    • Conduct System Health Checks on managed technologies and provide recommendations on performance improvements.
    • Identify technical solutions to automate repeatable tasks
    • Areas of responsibility will include analysis of threats to the environment, development of both proactive and reactive detection methods, conducting security investigations, responding to incidents,  and deploying security solutions in a rapidly growing environme

What You'll Bring

    • BS or above in related Information Technology field or equivalent combination of education and experience
    • 2-4 years experience in 24x7x365 production security operations
    • 2-4 years experience participating in incident response and analysis activities
    • 1+ years of hands on technical experience supporting cloud operations and automation in Azure, AWS, and/or GCP
    • Experience in Information Security with a focus on incident response and security engineering
    • Proven experience with threat identification using SIEM tools, log sources, and forensics tools and techniques
    • Experience with ITSM solutions such as Jira and ServiceNow
    • Understanding of regular expression and query languages
    • Experience analyzing events or incidents to triage the issue
    • Excellent communication, organizational, and problem-solving skills in a dynamic environment
    • Effective documentation skills, to include technical diagrams and written descriptions
    • Ability to work independently and as part of a team with professional attitude and demeanor
    • US Citizen

Bonus Points

    • EC-Council Certified Security Analyst (ECSA) or Certified SOC Analyst (CSA), CompTIA Cybersecurity Analyst (CySA+), GIAC certifications
    • Elastic Certification (Certified Engineer, Certified Analyst, Certified Observability Engineer)
    • Splunk Certification (Core/Enterprise/Enterprise Security/Cloud Admin or Engineer)
    • Previous experience supporting a 24x7x365 security operations for a SaaS vendor
    • Experience contributing to security incident handling and investigation, and/or system scenario recreation
    • Experience in malware analysis, threat intelligence, forensics, or penetration testing
    • Familiarity with Kali Linux, Wireshark, Metasploit, IDA Pro, or open-source debuggers
    • Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc.
    • Experience with vulnerability management tools and data to ensure secure, patched system resources
Why You'll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.

Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $53,000 to $92,000 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.