2 - 4 years of experience in Security Operation Center (SOC), Cyber Security, and Information Security within an enterprise environment.
Experience with Windows and Linux, server and application hardening process.
Experience supporting one or more information security technologies.
Mandatory experience in Azure, EDR, XDR (Crowdstrike, Windows Defender), SOAR, SIEM Tools (e.g., Splunk, Rapid7, ArcSight, McAfee Nitro), Palo Alto, Cisco and one of the following: IDS/IPS, database activity monitoring, multi-factor authentication, web content filtering, encryption, and encryption key management, DLP, change detection.
Working knowledge of TCP/IP stack & familiarity with common protocols e.g., HTTP, FTP, SMTP, DNS.
Familiarity with network and application threats such as DoS/DDoS, SQL injection, XSS, reconnaissance scanning, and methods to avoid detection.
Working knowledge of compliance, and regulatory requirements, such as Payment Card Industry (PCI), Sarbanes-Oxley (SOX), and Healthcare Information Privacy Protection Act (HIPAA).
Experience with vulnerability scanning tools such as Nessus, Acunetix, Qualys, or Metasploit a plus.
Have scripting experience with Bash, PowerShell, or Python and the ability to use these skills to aid in responding to incidents involving Windows, Linux, and Mac hosts.
Be familiar with the MITRE ATT&CK Framework and/or Cyber Kill Chain.
InfoSec certification are a plus such as CISSP, CompTIA Security+, GIAC Security Essentials, & CEH
Have strong oral and written communication skills Strong interpersonal and leadership skills.
Responsibilities:
Triage security incidents identified by SOC analysts.
Identify enhancement to rule sets and other tool optimization to automate reporting and reduce false positives in unified SIEM and review with manager / senior team members for implementation.
Coordinate with SOC manager to escalate security issues to other business units including solutions development, customer hosting and corporate IT.
Collaborate with business units to prioritize vulnerability remediation and execution of planned activities.
Subscribe to threat intelligence services and monitor vendor alerts for major vulnerability disclosures.
Monitoring of advanced security tools, perform analysis of dissimilar indicators, correlation of multiple sources, alert & coordination of security incidents across the environment.
Review & analyze system logs and third-party management products to preemptively detect, take defined corrective actions and alert process/system owners to new issues.
Assist with creation and maintenance of security incident response procedures.
Participate in research and assist implementation of security tools used by SOC team.
Assist SOC manager with dashboards and business reporting.
