What you’ll achieve
As a (also known as Cybersecurity SOC Engineer), you’ll be the technical lead during pre-sales engagements, using a consultative approach with the customer to fully understand their overall business goals. From there, you’ll translate the client’s business requirements into specific systems or applications for complex technology solutions. We’re looking for significant experience in the security field, with proven technical skills and experience in researching, validating and responding to advanced threat actors. The ideal candidate will be a Subject Matter Expert in Cybersecurity Threat Detection, Analysis & Incident Response. In this role, the candidate will leverage all available data sources, security tools and threat trends and, by combining security monitoring and analysis techniques, will identify attacks against the organization. Such efforts are intended to determine the source of the threat and the extent to which client assets have been compromised, and to provide recommendations for, and assistance with, remediation.
You will:
- Bring a wealth of cybersecurity technical expertise – specifically around SOC operations, automation, incident handling & platform scalability – including research and recommendations for applying MITRE ATT&CK and NIST framework aligned strategies to the Customer’s environment
- Conduct advanced technical investigations for critical incidents, paying attention to specific studies and fast remediation advice with a focus on improving the customer’s security posture; utilize in-depth technical knowledge to design procedures for the detection of threat actor behavior, and develop and implement standard technical procedures (runbooks) to be used by the Security Monitoring team for day-to-day operations
- Handle forensic and malware evaluation as well as complex log analysis requests, and perform event correlation review across incoming data feeds, ticketing systems and security alert mechanisms
- Provide context on complex security incidents from Customer and other available resources, collect and assemble data, and contribute to technical reports
- Perform Event Stream tuning utilizing internal tools, metrics and experience with key security concepts for systems efficiency; review security related events and assess their risk and validity based on available network, endpoint and global threat intelligence information
Essential Requirements:
- Multiple security certifications from the following:
  - SANS GCIA, GCIH
  - GREM, GCFE, OSCP (Threat Hunting specialist)
- Solid knowledge of Incident Response, Traffic and Malware Analysis, Forensics and evaluation of security and infrastructure logs; understanding of vulnerability and exploit assessment as well as experience in conducting network traffic analysis and the detection of malicious code on endpoint systems
- Experience in Threat Hunting, threat intelligence and threat modeling concepts, along with Microsoft Defender/Sentinel or CrowdStrike EDR/XDR toolsets
- Understanding of computer network exploitation (CNE) and computer network defense (CND) concepts, SIEM, Vulnerability Management, Endpoint Security solutions, Linux and Windows operating systems, Honeypots, Sinkholes, Malware Sandbox Technologies and Incident Response
- Understanding of vulnerability and exploit research and the detection of malicious code on endpoint systems, with the ability to research targeted threat groups and their tactics, techniques and procedures (TTPs)
Desirable Requirements:
- Typically requires 5+ years of related experience in a professional role
- Advanced knowledge of cybersecurity components, principles, practices and procedures