Principal Information Security Operations Engineer

Matson Logistics
Walnut, CA Full Time
POSTED ON 6/24/2026
AVAILABLE BEFORE 7/22/2026
About Us

Matson has been the leading ocean shipping and logistics provider throughout the Pacific since 1882. We are the supply chain lifeline for Hawaii, Alaska, Guam, and islands of the South Pacific. We also offer the top two ocean shipping services in the world’s largest trade lane - Asia to the U.S. West Coast. With our subsidiaries Matson Terminals and Matson Logistics, our business focus is exceeding customer expectations with quality, reliability, and integrity.

We strive to operate in an environmentally sustainable manner and promote land-based environmental programs in Hawaii, Guam, and Alaska. We help improve the communities in which we work and live through our community giving program that annually supports hundreds of local organizations.

Matson is honored to be certified as a Great Place to Work. Our team of dedicated and talented employees consistently deliver exceptional results for our customers and the communities in which we serve.

Learn more at matson.com.

About The Role

We are seeking a highly skilled and experienced Principal Information Security Operations Engineer to join our dynamic and innovative security operations team. The Principal Information Security Operations Engineer will have experience leading cybersecurity incident response (IR) which includes detection, containment, eradication, recovery, and reporting.

This position provides technical leadership during high-severity events, coordinates cross-functional response efforts, and ensures incidents are handled quickly, consistently, and in accordance with regulatory and company business requirements. This position will also be responsible for implementing and maintaining the security monitoring and alerting tools necessary to protect our organization's systems, networks, and data from potential threats. The ideal candidate will have a good mix of hands-on technical knowledge and a strong background in security operations, incident response, security risk mitigation, and security practices. The individual should be proactive, organized, analytical, detail-oriented, and persistent.

Security Operations is one of the critical business support responsibilities for the Information Security team. We provide insights regarding threats the company faces and are expected to quickly respond to and recover from potential cyber events or incidents. It is important for this individual to understand that there are cyber threat actors targeting the maritime industry, and that we must stay vigilant and be ready to respond in a manner that will limit the impact and allow for quick recovery.

What you’ll do:

  • Manage day-to-day security operational tasks such as security event monitoring, log monitoring and security incident management, compliance monitoring, data loss prevention, and monitoring and responding to emerging threats varying from endpoint to server to public cloud.
  • Lead all security-related events and incidents that come into the team's various queues (including triage, containment, and remediation when necessary). Follow standard operating procedures (SOPs) and Playbooks to ensure security events are triaged appropriately and in a timely manner, according to SLAs.
  • Understand the various stages of the incident response lifecycle and the analytical mindset when it comes to triage and investigations, including a fundamental understanding of memory processes and memory management practices, or the willingness to learn these principles. Act as primary support contact for security incidents and provide direction to infrastructure and applications teams to initiate incident response.
  • Perform root cause analysis to continuously improve prevention, detection, reaction, and remediation capabilities.
  • Ensure systems, networks, and applications are monitored for security breaches, intrusions, and unusual activity.
  • Investigate and respond to security events and incidents, including performing root cause analysis, identifying vulnerabilities, and implementing remediation and/or tuning measures.
  • Respond to phishing attacks by tracking down and recalling malicious e-mails; contact users who may be impacted.
  • Participate in off-hours on-call rotation, as required and necessary.
  • Liaise with internal and external parties, including Managed Security Services Provider, computer forensics specialists, and additional incident responders, to address security concerns.
  • Assist in managing the organization's logging environment providing fundamental knowledge of license managers, indexers, and search heads.
  • Develop SOAR playbooks to minimize security incident response time and develop advanced techniques to identify and mitigate vulnerabilities.
  • Understand security incident response plans and procedures, ensuring their effectiveness through regular testing and exercises.
  • Collaborate with cross-functional teams to ensure security controls, infrastructure and tools, including firewalls, intrusion detection systems, data loss prevention systems, and security information and event management (SIEM) systems are implemented and maintained throughout the organization.
  • Conduct research on emerging security threats and trends and recommend appropriate security measures and countermeasures.
  • Assist in developing security policies, controls, and procedures to support the full life cycle protection of critical assets, networks, cloud environments, and sensitive information.
  • Perform periodic testing for compliance with documented security policies, procedures, and standards.
  • Support metrics reporting on security operations functions.

In addition to those essential job functions identified above, individuals in this position are also responsible for performing other duties or tasks that may be assigned. The Company retains the discretion to add to or change the essential job functions of this position at any time.

You have these skills:

  • Strong information security operations analytical skills, including those commonly handled by a Security Operations Center (SOC), including SOC Tier 2 and 3 level skills.
  • Strong knowledge of network security protocols, tools, and technologies (BGP, TCP/IP layers, DNS, SMTP, SSL, etc.).
  • Strong understanding of network and system architecture, including cloud-based environments (AWS).
  • Experience and knowledge of network firewalls, network monitoring tools and other IDS/IPS.
  • Experience with security incident response and handling techniques.
  • Proficiency in using SIEM tools for log analysis and correlation.
  • Familiarity with vulnerability management tools and processes.
  • Technical knowledge in system and network security, authentication and security protocols, and application security.
  • Strong understanding of web technologies - protocols, programming techniques, browsers, etc.
  • Familiarity with common tools such as Splunk, Microsoft Defender, Proofpoint, Office 365, PowerShell, and various network tools.
  • Experience in distributed systems and cloud-based architecture including Amazon AWS, Microsoft Azure, and the native security tools available in these environments (Data Explorer, GuardDuty, Log Analytics, etc.).
  • Familiarity with Unix/Linux, Windows, SQL, macOS, shell scripting, and various other technologies.
  • Strong security research and root cause analysis skills to identify and analyze potential security vulnerabilities.
  • Superior professional written and verbal communication that includes the capability to translate highly technical material to communicate with executives.
  • Ability to work effectively both independently and in a team environment.
  • Strong understanding of web vulnerabilities and weaknesses (cross-site scripting, cross-site request forgery, etc.).
  • Strong problem solving, conflict resolution and negotiation skills.
  • Highly collaborative with the ability to influence and work with many internal stakeholders.
  • Relevant security certifications such as CISSP, CEH, or GIAC certifications are preferred.
  • Customer service experience/Strong customer focus to analyze customer reported security issues.
  • Ability to multi-task in a fast-paced environment.
  • May be required to lift equipment weighing up to fifty (50) pounds.

And these qualifications:

  • Must be able to travel up to 20%.
  • Minimum of 7 years of hands-on experience in security operations, with 3 years leading incident response.

Extra credit if you have:

  • Bachelor’s degree in Computer Science, Information Security, or a related field is a plus.
  • Certifications are a plus - GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Forensic Analyst (GCFA), etc.

The annual salary range is posted for this position in California. The salary offered will depend upon qualifications and other operational considerations.

At Matson, we're looking for people to build a unified team to maintain our values of trust, integrity, and reliability. We welcome people who think rigorously and thoughtfully challenge assumptions.

Salary.com Estimation for Principal Information Security Operations Engineer in Walnut, CA
$213,610 to $253,864