Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
Role Overview
Working as a Senior Advisor in a security operations center environment with other security and networking professionals, you will extend your currently existing network and endpoint security investigation analysis skillset through identification, assessment, review and authoring of incident reports in a variety of client environments. You will actively investigate threat actor activity, malware infections, living off the land attacks, as well as a variety of other security incidents and provide clients with the impact of the threat, your assessment of the incident, as well as recommendations.
Role Responsibilities
- Review security-related events and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information in order to provide clients with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations.
- Provide customers with understandable context around their security environment and threats.
- Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value.
- Work with client and internal Secureworks incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents.
- Provide mentorship to Secureworks team members and clients on security strategy, tactics, techniques, and procedures.
- Use the Secureworks platform to proactively hunt for and investigate activity within the client environment.
- Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of indicators of compromise.
- Act as first point of coordination for escalations coming on shift directly from customers via chat, tickets, investigations, (with support from manager).
- Act as shift coordinator by prioritizing the tasks, activities, internal and external client’s requests.
- Provide support for all other teams involved in the delivery of the service whenever they have questions or requests from customers.
- Collect and validateflows/processes/toolsissues reported by his shift and present them to the manager.
- Involve in technical assessments, coaching and/or development of training programs for the team members.
- Tracking and reporting of KPIs
Experience, Skills and Abilities
- Significant experience with and expert understanding of:
- Two (2) or more of the following operating systems (Windows, Linux, Mac OS) at a filesystem level.
- Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.).
- Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.).
- Experience with and strong understanding of:
- Performing both endpoint and network-based investigations.
- Reviewing logs to identify evidence of past intrusions.
- Pivot off indicators within networks to identify the scope and breadth of attacks.
- Malware and exploit kit functionality.
- Operating system and application exploits.
- Lateral movement, living-off-the-land, and persistence establishment mechanisms.
- Detection of anomalous system activity.
- Threat hunting methodologies.
- Incident response and incident handling processes.
- Skills and/or abilities required to perform the essential functions of the job:
- Ability to research and characterize security threats including creating appropriate countermeasures.
- Ability to write scripts to automate new and existing tasks.
- Strong technical communication skills, both written and verbal.
- Attention to detail and great organizational and time management skills.
- Excellent problem solving skills that would allow for the ability to diagnose and troubleshoot technical issues.
- Client-focused with a passion for delivering service excellence.
- Courage and willingness to challenge conventional wisdom.
- Great leadership and coaching skills.
- Communication - The ability to make himself well understood by others through the capacity to clearly and convincing express his point of view, to actively listen and control the conversation flow).
- Risk assessment and decision making -The ability to analyze within reason facts and situations, decision making, evaluating consequences of others and undertake acceptable risks.
- Influencing - the ability to convince others of his opinions and determine them to follow.
- Task management and planning - The ability to effectively set an adequate action plan for himself/herself and for others, in order to reach a goal.
- Strong sense of urgency and ability to work under pressure.
- Possess high standard of integrity and confidentiality.
- 5 + years of relevant experience or equivalent combination of education and work experience:
- Completion of a Bachelor’s degree or equivalent program in Computer Science, Network Security, Information Security or other applicable field and 5+ years of work experience in the field.
Certifications
- Industry certification from vendors: ISC2, GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Unix, Microsoft, Oracle, etc. (eg: GCIA, GWAPT, GCIH, GCFA/GCFE, GREM, OSCP/OSCE, eLearn THP or similar certification preferred).
Language
- English - Very strong verbal and written skills.
Location
Work schedule
- Rotating shifts (12h Shifts)