Your Role and Responsibilities
The Security Consultant role is a key part of the SOC.
- Responsible for conducting incident response operations according to documented procedures and industry best practices.
- Able to interact with executive levels throughout the company.
- Must have extensive experience in multiple security areas such as SIEM, EDR, XDR, ASM, IDS, APT and WAF.
- Will be required to participate in multiple intelligence communities and to disseminate pertinent information throughout the SOC.
- Ideal candidates should have extensive experience with Linux and Windows operating systems, deep knowledge of networking, and familiarity with attack methods such as SQL injection (SQLi) and pivoting.
- Enthusiasm for and interest in information security must be evident.
Required Technical and Professional Expertise
- Knowledge of network security zones, Firewall configurations, IDS policies
- Knowledge of systems communications from Layer 1 to 7
- Experience with Systems Administration, Middleware, and Application Administration
- Experience with Network and Network Security tools administration
- Knowledge of log formats and the ability to aggregate and parse log data (syslog, HTTP logs, database logs) for investigation purposes.
- In-depth experience with log search tools such as HP ArcSight and Splunk, including the use of regular expressions and natural language queries.
- In-depth knowledge of packet capture and analysis
- Experience with Security Assessment tools (NMAP, Nessus)
- Ability to create and execute a containment strategy.
Preferred Technical and Professional Expertise
- Intrusion Detection in Depth – SEC503 (GCIA certification) or equivalent
- Hacker Techniques, Exploits & Incident Handling – SEC504 (optional GCIH certification) or equivalent
- GIAC Continuous Monitoring (optional GMON certification) or equivalent
- Advanced Digital Forensics and Incident Response – FOR508 (optional GCFA certification) or equivalent
Recommended
- Computer Forensic Investigation such as Windows Forensic Analysis – FOR408 (optional GCFE certification)
- Perimeter Protection in Depth – SEC502 (optional GCFW certification)
- Advanced Security Essentials – SEC501 (optional GCED certification)