Job Details

ID #49539668
State New York
City Brookville
Job type Contract
Salary USD TBD TBD
Source Stellent IT LLC
Showed 2023-03-25
Date 2023-03-25
Deadline 2023-05-24
Category Et cetera
Create resume

SOC Engineer (Senior Operations Center)

New York, Brookville, 11545 Brookville USA

Vacancy expired!

SOC Engineer (Senior Operations Center) Brookville, New York(Day1 Onsite) Phone+Skype 6+Months JD: The SOC Engineer supports the mission of the Security Operations Center. The engineer will work within the Cybersecurity organization to assist in onboarding system and application logs into the Security Information and Event Management System (SIEM). He or she will be responsible for Incident Response and collaborating with Threat Intelligence and Vulnerability Management teams to develop alerts, reports, dashboards, and Indicators of Compromise (IOC). Duties: Lead Incident Management activities to monitor and resolve incidents Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs) Conduct threat analysis and assessments on network/systems. Monitor, maintain, update, and secure FDNY infrastructure. Establish, maintain and execute all components of an incident response plan, including run books, from incident intake through root cause analysis, technical remediation analysis, and reporting Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security. Execute cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems. Accurately documenting an incident from beginning to end as well as evidence handling. Write, test, and implement IOC's and IR alerts within the cybersecurity tools Collaborate with IT and Cybersecurity team members to onboard system and applications logs in the central logging system Utilize endpoint security tools like CrowdStrike, McAfee, RSA NetWitness, NetBrain for threat hunting Strong knowledge of Proxy Web Gateway Utilize monitoring tools like Armis, Extrahop, Splunk, Secureworks and McAfee IDS/IPS, McAfee Proxy Gateway, Secureworks Taegis Platform, Netwrix, Extrahop, Firewalls (Palo Alto, Fortinet) etc. Use vulnerability management tools like Nessus, Rapid 7 and penetration tools like Core Insight, NMAP, Netcat, and Metasploit Be a power user of Splunk SEIM Perform root cause analysis Minimum requirements: 5+ years of work experience in SOC as a Threat Intelligence or Incident Response Analyst Previous experience performing threat hunting and incident response using SIEM tools, cybersecurity management tools Deep understanding of computer intrusion activities, incident response techniques, tools, and procedures Knowledge of digital forensics methodology as well as security architecture, system administration and networking (including TCP/IP, DNS, HTTP, SMTP) Strong understanding of vulnerability and exploitation concepts Scripting and automation experience in Python, Bash, Powershell, or Javascript Strong knowledge of advisory cyber threat actors including Advanced Persistent Threat (APT) actors, cybercriminal groups, hacktivists, and insider threats Knowledge of and experience with standard network logging formats, network management systems and network security monitoring systems, security information and event management, network packet analysis tools and forensic analysis tools Strong knowledge of cloud and application security Working knowledge of the Cyber Threat Kill Chain Map use cases and subsequent rules and policies to the MITRE ATT&CK framework. Strong knowledge of Network security principles, host-based security principles, network and system administration, forensic analysis principles, cyber threat intelligence principles, PKI, and/or counterintelligence operations Knowledge of and experience with cloud, web proxy, firewalls, IPS, IDS, mail content scanning appliances, enterprise Antivirus solutions, Network Analyzers, and domain name servers desired Preferred requirements: Bachelor's degree in Computer Science or Engineering Knowledge of Malware Analysis, Reverse Engineering, and Memory Forensics tools and techniques Experience building policies and rules on email and network platforms Individuals with CEH, GIAC, Security+ certifications preferred Splunk Power User certification a plus

Vacancy expired!

Subscribe Report job