IT Security Engineer

Gulf Capital Bank

Houston, TX
Full Time
Paid

    Benefits:

    · 401(k)

    · 401(k) matching

    · Dental insurance

    · Health insurance

    · Paid time off

    · Vision insurance

    Title: IT Security Engineer

    Job Grade: Exempt/Salary

    Department: Information Security

    Company Overview

    Gulf Capital Bank aims to redefine the value of a bank by offering the personal relationship touches of a traditional community bank combined with the ease of state-of-the-art banking technology and global connections provided by a group of Houston’s business and civic leaders.

    For more information go to: https://www.gulfcapitalbank.com/.

    Brief Description

    The IT Security Engineer is responsible for the day‑to‑day operation, monitoring, and continuous improvement of the bank’s cybersecurity controls, with a strong focus on incident detection, investigation, containment, and response across on‑premises and cloud environments. This role acts as a first responder during security incidents, performing technical triage, scope determination, and initial containment, while collaborating with IT, infrastructure, and business teams to eradicate threats and restore services.

    The ideal candidate demonstrates hands‑on expertise with Next‑Generation Firewalls (NGFW), Microsoft Defender for Endpoint, Microsoft Azure security controls, and enterprise incident response practices. This role requires a strong understanding of the financial services threat landscape, the ability to translate technical findings into business impact, and the discipline to operate within regulatory and audit expectations.

    Duties/Responsibilities

    Security Operations & Incident Response

    · Serve as a primary responder for cybersecurity incidents, performing alert triage, investigation, containment, eradication, and recovery activities across endpoints, networks, and cloud platforms.

    · Conduct initial incident analysis, determine scope, assess business impact, preserve evidence, and recommend containment and remediation actions.

    · Maintain and execute incident response playbooks, including phishing, ransomware, malware, credential compromise, insider threat, and data exposure scenarios.

    · Coordinate incident response activities with internal IT teams, management, and external partners as required.

    · Document incidents thoroughly, including timeline, root cause, indicators of compromise (IOCs), actions taken, and lessons learned.

    Endpoint and EDR Security (Microsoft Defender for Endpoint)

    · Manage and operate Microsoft Defender for Endpoint (MDE), including alert investigation, advanced hunting, threat containment, and incident correlation.

    · Analyze endpoint telemetry, behavioral indicators, and attacker tactics to identify malicious activity and lateral movement.

    · Tune detection logic and response actions to reduce false positives while improving detection efficacy.

    · Validate remediation actions through post‑incident verification and rescanning.

    Network Security & NGFW

    · Monitor, manage, and support Next‑Generation Firewall (NGFW) platforms, including policy review, traffic inspection, intrusion prevention, and threat detection.

    · Investigate network‑based alerts, anomalous traffic patterns, and blocked/exploited services.

    · Work with infrastructure teams to ensure firewall configurations align with least‑privilege and defense‑in‑depth principles.

    · Participate in firewall rule reviews, network segmentation initiatives, and rule recertification efforts.

    Cloud & Azure Security

    · Support cybersecurity operations within Microsoft Azure, including monitoring of Azure-native security controls and logs.

    · Assist in identifying misconfigurations, identity weaknesses, and exposure risks within cloud workloads.

    · Investigate cloud‑related security alerts and suspicious activities, correlating them with endpoint and network telemetry.

    · Collaborate with IT teams to improve secure cloud architecture, identity protection, and logging coverage.

    Threat Detection & Analysis

    · Perform threat and vulnerability analysis using data from SIEM, EDR, IDS/IPS, firewalls, email security platforms, and cloud security tools.

    · Leverage MITRE ATT&CK and adversary TTPs to enhance detection, investigation, and response capabilities.

    · Conduct basic malware analysis and extract indicators of compromise (IOCs) to support containment and threat hunting.

    · Perform suspicious email analysis, URL/domain reputation checks, and phishing campaign investigations.

    Vulnerability & Risk Support

    · Support vulnerability management activities by validating findings, assisting in prioritization based on exploitability and business risk, and confirming remediation.

    · Participate in security control testing and post‑remediation verification.

    · Maintain awareness of emerging threats, vulnerabilities, and attack techniques relevant to financial institutions.

    Vendor & Third‑Party Security Support

    · Support vendor risk and security oversight activities in coordination with IT and risk management teams.

    · Assist with technical due diligence, control validation, and ongoing monitoring of third‑party technology providers.

    · Participate in vendor reviews, issue tracking, remediation validation, and Quarterly Business Reviews (QBRs) as needed.

    Knowledge, Skills, and Education Requirements:

    Minimum 3 years of experience in cybersecurity, information security operations, or security engineering within IT or infrastructure environments.

    Strong hands‑on experience with:

    · Microsoft Defender for Endpoint (or comparable EDR platform)

    · Next‑Generation Firewalls

    · SIEM and security monitoring tools

    Working knowledge of incident response lifecycle, including triage, containment, eradication, and recovery.

    Solid understanding of:

    · Networking and TCP/IP

    · Windows Server and Windows endpoints

    · Linux fundamentals

    · Cloud environments, preferably Microsoft Azure

    Familiarity with MITRE ATT&CK, Cyber Kill Chain, and common adversary techniques.

    Ability to investigate complex security issues, identify root causes, and recommend effective remediation.

    Strong written and verbal communication skills, including the ability to translate technical issues into business‑relevant terms.

    Ability to work independently in high‑pressure, fast‑moving incident scenarios while collaborating across teams.

    Preferred Experience / Certifications

    Experience supporting security operations in a financial services or regulated environment

    Certifications such as:

    · CISSP

    · Security+, Network+

    · GCIA / GCED / GSOC or similar

    Experience with cloud security monitoring, identity protection, or Azure security tooling.

    Physical Demands

    The employee will occasionally lift and/or move up to 25 pounds. The employee will regularly sit; talk; hear; and use hands to finger, handle or feel. The employee will occasionally stand; walk; reach with hands and arms; climb and balance; and stoop, kneel, crouch, or crawl. Special vision requirements include close, distant, and peripheral vision; depth perception; and the ability to adjust focus. The noise level in the work environment is usually moderate. The work environment and physical demands are those of a standard retail branch setting. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

    Disclaimer

    The above information has been designed to indicate the general nature and level of work performed within this job. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to the job. Incumbent must attend work on a regular basis, on time, and withstand varying degrees of stress. This position description describes the minimum selection requirements to qualify for the position. Promotion and other employment decisions are based on employer needs, being in good standing, fully competent performance, and other non-discriminatory subjects.

    As of the date shown below, the contents of this job description are intended to describe the general nature and level of work being performed by people assigned to this job. It is not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. Further, essential job functions are subject to change based upon business needs.

    Gulf Capital Bank is an Equal Opportunity Employer.