Expoint - all jobs in one place

Finding the best job has never been easier

Limitless High-tech career opportunities - Expoint

Dell Incident Response Senior Advisor - Shift Leader 
Romania, Bucharest 
739932967

23.11.2024

Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

Be part of an exciting team that deals with bleeding-edge information security attacks, malware infections, and incident response situations on a daily basis. Protecting our clients from threat actors attempting to compromise their environments.

Working as a Senior Advisor in a security operations center environment with other security and networking professionals, you will extend your currently existing network and endpoint security investigation analysis skillset through identification, assessment, review and authoring of incident reports in a variety of client environments. You will actively investigate threat actor activity, malware infections, living off the land attacks, as well as a variety of other security incidents and provide clients with the impact of the threat, your assessment of the incident, as well as recommendations.

Role Responsibilities

  • Review security-related events and assess their risk and validity based on availabletelemetry fromnetwork, endpoint, and global threat intelligence informationin order toprovide clients with concise, detailed, and well-written incident reports, root causes identification, and remediationrecommendations
  • Provide customers with understandable context around their security environment andthreats
  • Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues thatimpactthe service and itsvalue
  • Work with customerand internalSecureworksincident response teams to resolve ongoing intrusions, malware outbreaks, and other securityincidents
  • Provide mentorship to SecureWorks team members and clients on security strategy, tactics, techniques, andprocedures
  • Use theSecureworksplatform to proactivity hunt for and investigate activity within the clientenvironment
  • Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of indicators ofcompromise
  • Provide support for all other teams involved in the delivery of the service whenever they have questions or requests from customers
  • Act asfirst point of coordination for escalations coming on shift directly from customers via chat, tickets, investigations, (with support from manager)
  • Act as shift coordinatorby prioritizing the tasks, activities, internal and external client’srequests
  • Collect andvalidateflows/processes/tools issues reported by his shift and present them to themanager
  • Involve in technical assessments, coaching and/or development of training programs for the teammembers
  • Tracking and reporting of KPIs

Requirements

Significant experiencewith and expert understanding of:

  • Two (2) or more of the following operating systems (Windows, Linux, Mac OS) at a filesystem level
  • Fundamental Internet protocols,servicesand technologies (e.g.HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.)
  • Common security controls (e.g.firewalls, proxies, IDS/IPS, WAF, etc.)

Experience with and strong understanding of:

  • Performing bothendpointand network-based investigations
  • Reviewing logs toidentifyevidence of pastintrusions
  • Pivot off indicators within networks toidentifythe scope and breadth ofattacks
  • Malware and exploit kit functionality
  • Operating system and application exploits
  • Lateral movement, living-off-the-land, and persistence establishmentmechanisms
  • Detection of anomalous system activity
  • Threat hunting methodologies
  • Incident response and incident handling processes

Skills and Abilities

  • Ability to write scripts to automate new and existing tasks
  • Strong technical communication skills, both written and verbal
  • Attention to detail and great organizational and time managementskills
  • Excellentproblem-solvingskills that would allow for the ability to diagnose and troubleshoot technicalissues
  • Client-focused with a passion for delivering serviceexcellence
  • Strong senseof urgency and ability to work underpressure
  • Possess high standard of integrity andconfidentiality
  • Great leadership and coaching skills
  • Communication - The ability to make himself well understood by others through thecapacityto clearly and convincing express his point of view, to actively listen and control the conversation flow)
  • Risk assessment and decision making -The ability to analyze within reason facts and situations, decision making, evaluating consequences of others and undertake acceptablerisks
  • Influencing - the ability to convince others of his opinions anddeterminethem tofollow
  • Task management and planning - The ability to effectively set an adequate action plan for himself/herself and for others,in order toreach a
  • Industry certification from vendors: ISC2, GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Unix, Microsoft, Oracle, etc.(e.g.:CISSP,GSEC,GCIA,GWAPT, GCIH, GCFA/GCFE,GREM, OSCP/OSCE, eLearn THPor similar certification preferred