Staffing Science
Overview
This role is 100% remote, but the candidate must reside in one of a few selected US states: Arizona, Nevada, Illinois, Indiana, Iowa, Kansas, Louisiana, Mississippi, Ohio or Pennsylvania. The ideal candidate has 7+ years of SOC IR experience within an enterprise and compliance-focused organization, has lead experience, and is familiar with Splunk and automation. Candidates should also have good work tenure, strong communication skills, be a US citizen, and reside in one of the listed states.
Responsibilities
- Developing and mentoring the SOC L1 – L3 Security Analysts, ensuring processes are followed, updating and creating new processes as needed, setting and tracking metrics, and driving new detections/use cases from the SOC Analyst perspective
- Serves as an escalation point of contact for L1, L2 and L3 Security Operations Center (SOC) analysts
- Work collaboratively with threat hunters, counter-threat intelligence analysts, incident responders and forensic investigators
- Stay current with new threats and analyze threat actor tactics, techniques and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems
- Utilize security models and frameworks for documenting and tracking purposes
- Leverage automation and orchestration solutions to automate repetitive tasks
- Assist with incident response as events are escalated, including triage, containment, remediation and documentation
- Collaborate with owners of cyber defense tools to tune systems for optimum performance and to maximize detection and prevention effectiveness while minimizing false positives
- Work with security team members to identify security issues from the network, including third-party relationships
- Investigate and document events to aid incident responders, managers and other SOC team members on security issues and emerging threats
- Coordinate with relevant personnel to obtain vulnerability information and findings
- Stay informed about current vulnerabilities and which cyber actors have exploited them
- Maintain 5-7 years of information security monitoring experience
- Experience working in a 24x7 operational environment, with geographic disparity preferred
- Experience with SIEM, EDR, threat intelligence platforms, security automation and orchestration, IDS/IPS, DLP and other monitoring tools
- Experience with security monitoring controls, methodology, and event remediation/resolution
- Take ownership of the team's infrastructure and ensure it is up to date and operating as expected
- Involvement in evaluation and design of new tools
- On-board security log data and tune the SIEM platform
- Extend tool functionality with API integrations and automation tasks
- Develop detection strategies and deploy alerting to identify malicious activity
- Assist with the team's main responsibilities by contributing during triage and incident response
- Participate in and lead training activities, working groups and knowledge sharing with other team members
- Proven experience as an engineer working with cyber security-related infrastructure and tooling
- Cloud security knowledge
- Security certifications (e.g., CISSP, CEH) are a plus
Employment details
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Staffing and Recruiting