Security Operations Engineer

Security Operations Engineer

About ABFinance ABFinance is a US-based firm building and enabling digital finance for the future. Their vision is to create a full financial ecosystem where digital assets, traditional finance, and everyday money management live in one seamless experience, made available to everyone. Founded by a team of innovators, traders, and compliance professionals, ABFinance's mission is to bring the emerging world of digital assets to everyone. Their flagship product is a secure, regulated crypto exchange building trading tools for both retail and institutional clients—including spot trading and yield generation products with a focus on compliance and security. Job Responsibility Monitor security events and alerts generated by Security Information and Event Management (SIEM) tools across on-premises and cloud environments. Maintain and upgrade SIEM rules to reduce false positives and improve the detection accuracy of emerging threats. Execute incident response procedures: contain threats, eradicate malicious activities, recover systems, and prepare post-incident reports (covering both on-premises office environments and cloud environments). Collaborate with cross-functional teams (IT, Network, Application Security teams, etc.) to resolve security incidents and implement preventive measures; maintain and update security incident response plans, and conduct drills to test response readiness. Evaluate or optimize cloud environment security policies, such as security groups, firewalls, IDS/IPS, IP whitelists, and AKSK (Access Key/Secret Key) policies. Continuously monitor the latest threat intelligence, attack techniques, and security trends to enhance monitoring and interception capabilities. Requirements: At least 5 years of work experience in security industry, with relevant experience. In-depth understanding of basic knowledge related to network security, operating systems (Windows/Linux/MacOS), and cloud security (AWS/GCP). Experience with incident response methodologies (e.g., NIST SP 800-61, MITRE ATT&CK framework). Familiarity with threat intelligence sources and related tools, with the ability to identify emerging threats and Tactics, Techniques, and Procedures (TTPs). Proficiency in various security tools: firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), Endpoint Detection and Response (EDR) tools, and vulnerability scanners. Excellent communication skills and teamwork spirit, with the ability to work under pressure during security breach incidents. Preferred Qualifications: Experience in security tool policy development or business R&D. Experience or ability in analyzing 0day/1day vulnerabilities, threat intelligence, and APT (Advanced Persistent Threat) intelligence.