Sr. SOC Engineer

As a Senior SOC Engineer, you will leverage our client’s unique SOC platform to perform continuous threat detection and response in some of the world’s most advanced and complex infrastructures.

Required Experience: 5+ Years

Job Locations: Remote/Redwood City, CA

Location Restrictions: Onsite

Basic Qualifications and

You will be the last line of defense for our client, protecting them from threats that have evaded existing security controls. You will run investigations to ground and respond, or provide our client with direction and recommend response actions. As a primary user of the SOC platform and a senior-level team member, your input will also help shape the future direction of this innovative platform and service, as our client continually evolves their threat detection capabilities and improves SOC efficiency.

Responsibilities
  • Monitoring, detecting and responding to threats in customer environments using our client’s SOC platform
  • Developing incident response plans and working with customers to contain identified threats
  • Communicating regularly with customers and providing security expertise and advice
  • Acting as an escalation resource for our client’s SOC Security Analysts who are triaging security events and observations to identify potential threats
  • Tuning threat detection for both general and specific customer environments to minimize noise and amplify signal
  • Assisting with the design of new SOC workflows and processes to improve SOC scalability and efficiency
  • Participating in DevSecOps to continually improve threat detection capability and accuracy
  • Maintaining proficiency by following the latest trends and developments in cybersecurity
Required Skills and Experience
  • Minimum 5 years of operational experience (detection and response) working in a SOC or the equivalent as a member of an IT security team
  • Familiarity with common and latest forms of malware, attacker tools, and techniques
  • Ability to design and implement new approaches for detecting attacks and effective containment techniques, including scripting, analytics and automation
  • Strong understanding of IP networking fundamentals and internet protocols such as TCP/IP, HTTP, TLS, SMTP, DNS and SSH
  • Knowledge of Linux, Mac and Windows operating systems, mobile devices and the IT application landscape (Microsoft Office, Active Directory, Collaborative Tools, etc.)
  • High level understanding of public cloud Infrastructure-as-a-Service (IaaS) environments such as AWS, Azure and Google Cloud and Software-as-a-Service (SaaS) solutions like Office 365
  • Experience working with a selection of SIEM, TIP, malware analysis, and vulnerability assessment/management tools as well as multiple sources of threat intelligence to properly categorize suspicious behavior
  • Knowledge and understanding of security concepts and best practices through practical experience as well as familiarity with cybersecurity frameworks such as NIST, CIS, ISO or PCI DSS
  • Degree in computer science, computer engineering, information systems or equivalent work experience in a related field
  • Technical information security certifications such as GIAC, OSCP, CREST, CCIE, HCISPP, CCSP, Microsoft Azure Security Engineer associate are a plus
  • Hands-on experience installing, configuring or tuning some or all of the following security technologies: network firewalls, WAF, IDS/IPS, secure web gateways/web proxy, IAM solutions, endpoint protection (EPP/AV/HIDS), endpoint detection and response solutions (EDR), DLP/FIM, NAC, and VPN/encryption