Role Overview:
The FortiCloud SOC-as-a-Service team operates on a follow-the-sun model. Working hours for this position are 5 days/40 hours per week, consisting of 1 weekend day and 4 weekdays (e.g. Sunday – Thursday or Tuesday – Saturday), 8am – 4pm.
Responsibilities:
- Monitor SOC alerts to detect potential threats.
- Use threat intelligence feeds to triage alerts and filter out false positives.
- Create custom reports and dashboards, and execute log searches to support investigations and customers' requirements.
- Work with customers and the Forensic Analysis team to contain and eradicate incidents when required.
- Follow Incident Response playbooks, processes and procedures and help to improve them.
- Create/Update use case detections to detect new threats from raw logs.
- Create/Update playbooks to automate repetitive triage steps.
Requirements:
- Minimum 4 years of SOC experience.
- Understanding of SOC operations and the Incident Response lifecycle.
- Understanding of the Cyber Kill Chain, threat vectors and threat intelligence.
- Understanding of layered security at the data, OS and network levels.
- Understanding of cybersecurity frameworks.
- Hands-on experience with security log analysis, such as AV, IPS and Anti-Spam logs.
- Hands-on experience with visualization and reporting technologies.
- Hands-on experience with PostgreSQL, regular expressions.
- Hands-on experience with network security technologies such as firewalls, SIEM and sandboxes.
- Hands-on experience with Linux and Windows system administration.
- Previous working experience with Fortinet products is a bonus.
- Team player, solution-focused, conflict management skills.
- Self-directed, takes initiative.
- Open to new challenges and learning opportunities.
- Understands the importance of discipline, consistency and communication.
- Good verbal and written communication skills.
- Cybersecurity certifications such as GCIA, GCIH, GMON, GSOC, CEH or Security+ are a bonus.