Job Description
-As an active member of the team, monitor and respond to security events on a 24x7 basis.
-Be a point of escalation for security events 24x7x365.
-Manage security event investigations, partnering with other departments as needed.
-Evaluate and update SOC policies and procedures as appropriate.
-Develop metrics and scorecards to measure risk to the organization.
-Plan and execute regular incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
-Stay current with and remain knowledgeable about new threats. Analyze attacker tactics, techniques and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
-Participate in threat modeling collaboration with other members of the security team.
-Leverage automation and orchestration solutions to automate repetitive tasks.
-Assist with incident response as events are escalated, including triage, remediation, and documentation.
-Aid in threat and vulnerability research across event data collected by systems.
-Investigate and document events to aid incident responders, managers and other team members on security issues and the emergence of new threats.
-Work alongside other security team members to hunt for and identify security issues originating from the network, including third-party relationships.
-Share information as directed with other team members and ISACs.
-Seek opportunities to drive efficiencies.
-Adhere to service level agreements (SLAs), metrics and business scorecard obligations for ticket handling of security incidents and events.
-Partner with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
-Leverage knowledge in multiple security disciplines, such as Windows, Unix, Linux, data loss prevention (DLP), endpoint controls, databases, wireless security and data networking, to offer global solutions for a complex heterogeneous environment.
-Maintain working knowledge of advanced threat detection as the industry evolves.
Required Skills & Experience
-3+ years of experience in a SOC environment
-Strong Splunk experience: the Enterprise Security app, tuning Splunk, writing queries, working within the Splunk console, handling events, troubleshooting alerts
-Strong incident response experience, including an understanding of the incident response lifecycle
-Experience with endpoint technology such as McAfee, Carbon Black, FireEye, or CrowdStrike
-Experience working incidents within a SOC
-Ability to learn on the fly
-Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives
Nice to Have Skills & Experience
-Certifications: SANS/GIAC (GCIH, GCIA), CISSP, CEH
-Experience in building out a SOC from the ground up
-Experience building or implementing security platforms
-Experience implementing IDS or IPS
-Experience with firewalls
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.