Vacancy expired!
We are seeking a Senior SOC Engineer to play a key role in supporting our client's Security Monitoring and Incident Response services by improving their ability to prepare, identify , and respond to the organization's cyber threats. Must have experience designing security operation processes, understand where to focus efforts to increase program maturity and are proficient at performing cyber event investigations. Will contribute to the cloud monitoring strategy and make recommendations for improvement and automations.
This is a full time position with our client and can be 100% remote. This is an individual contributor role. How you will make an impact:- Drive process improvement initiatives to increase SOC maturity.
- Lead and support technical investigations of security events and incidents.
- Perform incident handling functions.
- Develop and maintain SOC and incident response playbooks.
- Assist with the implementation of new SOC capabilities.
- Provide guidance and mentorship to other SOC staff.
- Provide backup support for security operations capabilities including Cyber Threat Intelligence, Adversary Hunt, Detection Engineering and other areas.
- 8+ years of experience in Information Security.
- 2+ years of experience working as a Tier 2+ analyst in a SOC.
- Understanding of current attack tools, tactics, procedures, and how to detect and/or mitigate them.
- Knowledge of incident response and handling methodologies.
- Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). MITRE Att&ck, Cyber Kill Chain, etc.
- Knowledge of threat actors (e.g., script kiddies, insider threat, non-nation state-sponsored, and nation sponsored). An understanding of threats specific to the financial industry is a benefit.
- Strong understanding of security operations technologies including SIEM, EDR and orchestration (SOAR). Splunk Enterprise Security, CrowdStrike, and XSOAR experience is a plus.
- Ability to work in a fast-paced environment shifting focus as needed to address high risk tasks.
- Experience contributing to the deployment/maturity of a Security Operations Center.
- Experience implementing newer SOC technologies and capabilities such as SOAR, XDR, Adversary Simulation, Attack Ranges, Risk Based Alerting, etc.
- Experience extending SOC capabilities into IaaS/Cloud environments (AWS, Azure) would be a plus.
- Relevant certifications such as CISSP, GCIH, GCIA, GNFA, GCFA, GCFE, GSOC, GMON, or equivalent experience and skills.
- An agile mindset to move quickly and make iterative improvements from lessons learned.
- Experience implementing newer SOC technologies and capabilities such as SOAR, XDR, Adversary Simulation, Attack Ranges, Risk Based Alerting, Re-elevant certifications such as CISSP, GCIH, GCIA, GNFA, GCFA, GCFE, GSOC, GMON, or equivalent experience and skills.
- Strong understanding of security operations technologies including SIEM, EDR and orchestration (SOAR). Splunk Enterprise Security, CrowdStrike, and XSOAR experience is a plus.
Vacancy expired!