המקום בו המומחים והחברות הטובות ביותר נפגשים
What you'll be doing:
Reviewing alerts from internal Security Information and Event Management (SIEM) tools requiring log correlation, log analysis, identifying malicious behavior, vetting of False Positives, remediating system misconfigurations and tracking system state changes.
Providing first level response for security events including but not limited to intrusion detection, malicious use of cloud resources, denial of service incidents, privileged account misuse and network breaches
Collaborate across product with sophisticated threat response teams, taking on role of incident commander.
Building automated vulnerability scans and review vulnerability assessment reports
Leading the collection of assets data (configuration settings, running processes, network connections, etc.) for further investigation
Developing new data dashboards and metrics that detail threats to the security posture.
Exploring ways to identify stealthy threats and devise containment processes
Building and maintaining security incident response playbooks and apply them for remediation and recovery efforts
What you should have:
Bachelor's degree (or equivalent experience) in Computer Science, Information Security or a related field
10+ years of hands-on experience in SOC or Security Incident response teams
Outstanding organizational and collaborative focus
Ability to lead in challenging scenarios
Experience with public cloud providers like AWS, GCP and Azure along with their security standard and methodologies is required
Experience with cloud, IaaS, PaaS,‘network-as-a-service’environment.
Shown Splunk skills (detection creation, queries and dashboard development)
Demonstrated background in security products (Tenable Nessus, Nexpose) and technologies (Public Key Infrastructure (PKI) systems, authentication and authorization mechanisms, encryption of data in transit and data at rest), modern logging technologies (Splunk and Kibana), security engineering, networking protocols (TCP/UDP), security analysis, network and endpoint forensics
Programming experience in Python, shell scripting to automate and integrate with security tools
Focus on collaboration with excellent verbal and written skills to build effective documentation and streamlined incident reports and RCCA artifacts
Ways to stand out from the crowd:
Validated knowledge and technical savvy with Cloud security controls (security groups, Cloud Trail logs, IAM, EC2, S3, Kubernetes best security practices. etc.)
Understanding of industry compliance standards relevant to Software as a Service and Cloud Computing, such as ISO27001, SOC2, NIST, HIPPA and PCI-DSS
Familiarity with common DevOps technologies such as Ansible, Dockers, Terraform, Kubernetes along with strong Linux fundamentals is a plus
One or more security certifications (CISSP, SSCP, CSSP, GISP, Security+, etc.)
Previous experience in tacking security challenges in a Hybrid cloud environment (workloads spread across on-premise data center and public cloud such as AWS)
You will also be eligible for equity and .
משרות נוספות שיכולות לעניין אותך