Senior Cyber Security Engineer

Senior Cyber Security Engineer

Pittsburgh, PA or Remote

About Stack

Stack is developing revolutionary AI and advanced autonomous systems designed to enhance safety, reliability, and efficiency of modern operations. Stack's autonomous technology incorporates cutting-edge advancements in artificial intelligence, robotics, machine learning, and cloud technologies, empowering us to create innovative solutions that address the needs and challenges of the dynamic trucking transportation industry. With decades of experience creating and deploying real world systems for demanding environments, the Stack team is dedicated to developing an autonomous solution ecosystem tailored to the trucking industry's unique demands.

About the Role

The Cyber Security team itself is responsible for securing Stack AV's environment, including on-prem and cloud resources, remote users, data, and the vehicles themselves. The Cyber Engineering role at Stack AV is responsible for developing and maintaining new threat detection capabilities, triaging and tuning security events and incidents, and leading security investigations and incident response efforts. The primary focus of this will be developing threat detection capabilities and responding to security incidents involving Stack's infrastructure, data, and users across private cloud, public cloud, SaaS, on-prem, and remote user environments.

Responsibilities

• Develop new cyber detections for threats and other uses cases using our SIEM and other security tooling.
• Develop automated processes for triaging security incidents and incident response in general.
• Assesses software and service requests from within the organization.
• Deploy and develop solutions to better secure Stack AV's infrastructure, data, and people.
• Conduct and/or arrange vulnerability and other security assessments on Stack's infrastructure.
• Respond to security incidents and drive the effort to mitigate and/or remediate findings.

Qualifications

• Required
  • Experience working with and managing Security Information and Event Management (SIEM) tools such as Splunk, Sumo Logic, Elastic, etc.
  • Threat hunting experience endpoint, network, DNS, email, EDR, and audit logs, as well as netflow and packet captures.
  • Experience working with and managing utilizing Endpoint Detection and Response (EDR) tools such as Crowdstrike, Sentinel One, Microsoft Defender, etc.
  • Thorough understanding of MacOS, Linux, and Windows hardening and security best practices.
  • Experience creating threat and DLP signatures for network, endpoint, email, and cloud/SaaS security solutions to identify potential attacks, exploits, or data exfiltration attempts.
  • Extensive experience developing and automating incident response policies.
  • Experience delivering complex projects, including coordinating and driving issues to resolution utilizing excellent technical troubleshooting skills.
  • A drive to learn and work with industry leading technologies.
  • An understanding of network orchestration and automation with Python, Ansible, and Terraform. Any experience automating security operations tasks or using SOAR platforms is a plus.
  • Experience with DevSecOps practices, including securing containerization technologies (Kubernetes, Docker, etc), artifact repositories (Artifactory, CodeArtifact, etc), and CI/CD or version control systems (GitHub, GitLab, etc).
• Preferred
  • Experience working with Security Access Service Edge (SASE) solutions such as Zscaler, Prisma Access, Netskope, etc.
  • Thorough understanding of email security and best practices. Experience working with Secure Email Gateways (SEGs), Mail Transfer Agents (MTAs), and end user training solutions like Knowbe4 is highly desirable.
  • Experience with both traditional DLP and Cloud Access Security Broker (CASB) solutions, especially developing data classification policies, signature detection, and response runbooks.
  • Extensive experience with network security tooling and practices such as layer 7 firewalls and Unified Threat Management (UTM) solutions, Intrusion Detection and Prevention Systems (IDS/IPS), malware sandboxing, Network Detection and Response (NDR) solutions, netflow and telemetry aggregation, systems, microsegmentation, web application firewalls (WAFs), load balancers, network taps, DNS security solutions, etc.
  • Thorough knowledge of Public Key Infrastructure (PKI), certificate lifecycle management, 802.1x implementation, mTLS, etc.
  • Experience with Google Workspace, especially developing Trust Rules to secure and control sensitive data and enhancing DLP capabilities.
  • Experience with developing information security architectures and securing complex infrastructure environments.
  • Work with Stack's highly technical software and hardware engineering teams to understand their goals, and deploy tools and solutions to get the data accessible to them for development.

We are proud to be an equal opportunity workplace. We believe that diverse teams produce the best ideas and outcomes. We are committed to building a culture of inclusion, entrepreneurship, and innovation across gender, race, age, sexual orientation, religion, disability, and identity.

Check out our Privacy Policy.

Please Note: Pursuant to its business activities and use of technology, Stack AV complies with all applicable U.S. national security laws, regulations, and administrative requirements, which can restrict Stack AV's ability to employ certain persons in certain positions pursuant to a range of national security-related requirements. As such, this position may be contingent upon Stack AV verifying a candidate's residence, U.S. person status, and/or citizenship status. This position may also involve working with software and technologies subject to U.S. export control regulations. Under these regulations, it may be necessary for Stack AV to obtain a U.S. government export license prior to releasing its technologies to certain persons. If Stack AV determines that a candidate's residence, U.S. person status, and/or citizenship status will require a license, prohibit the candidate from working in this position, or otherwise be subject to national security-related restrictions, Stack AV expressly reserves the right to either consider the candidate for a different position that is not subject to such restrictions, on whatever terms and conditions Stack AV shall establish in its sole discretion, or, in the alternative, decline to move forward with the candidate's application.