Job Description :
SHIFT: Candidates need to be open to working any of the shifts listed below. Notice of which shift they'll be working will be given in advance.

Weekday:
M-F
- 6-3pm
- 8-5pm
- 9-6pm
M-Th
- 12-10pm
- 10pm-8am

Weekend:
- 6am-6:30pm
- 6pm-6:30am

REQUIREMENTS/CERTIFICATIONS (w/ Rankings):

* Certs and experience are ranked in order of preference. Candidates do not need all of the below, but should have a combination of a few from each category.

Certs:
1) SANS - GCDA, GMON, GCIH, GCIA, GCED, GDAT
2) CompTIA CASP+, CySA+, Sec+
3) Cisco - CCNA Cyber Ops
4) EC-Council CEH
5) ISC2 CISSP, SSCP

Experience:
1) SIEM
2) Log Analysis and Event Correlation
3) Domain/IP/URL/Hash Analysis
4) EDR - Endpoint Detection and Response
5) Packet Analysis
6) Sandbox Analysis
7) Malware Analysis
8) MITRE ATT&CK framework
9) Cyber Kill Chain

Preferred Background:
1) Cyber Security
2) Incident Response
3) Digital Forensics
4) Cyber Intelligence
5) Email Security
6) IDS/IPS
7) Network Security


PROJECT: The SOC provides 24/7 coverage of incident response across multiple platforms and environments.

TOP REQUIREMENTS: Knowledge of industry recognized analysis frameworks (Kill Chain, Diamond Model, MITRE ATT&CK, NIST Incident Response, etc.). BS in Computer Science, Computer Engineering, Cyber Security, Forensics and/or equivalent work experience. Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and adaptive learning.

* What experience will set candidates apart from one another? Self-starting, positive mindset.

* Looking for 1-3 years of experience with the frameworks/tools listed in the below qualifications section.

Job Responsibilities:
- Perform incident response, with a primary focus on eliminating the threat to the network and determining the cause of the security incident while preserving evidence for further analysis
- Ensure incidents are handled in a manner that is consistent with established playbooks
- Monitor SIEM and logging for alerts of potential network threats, intrusions, and/or compromises
- Responsible for understanding the global threat environment and general security best practices
- Assist with triage of service requests from automated sensors and internal requests for assistance
- Participate in active cyber hunting to identify and eliminate known and unknown network threats
- Interface with technical personnel from various disciplines to rapidly resolve critical issues
- Appropriately inform and advise leadership of incidents and propose effective response and/or countermeasures for containment
- Participate in knowledge sharing with other security engineers and partners
- Identify, document, and recommend new or revised incident response playbooks
- Drive continuous improvement of processes and procedures to improve analysis, detection, and mitigation of incidents in support of the overall Cyber Defense mission
- Create and drive action plans to address recurring or ongoing information security incidents
- Develop and maintain reporting metrics used to measure team performance; ensure analyst adherence to processes/procedures for operational consistency; identify process improvements; and provide coaching, training and professional development of the staff
- Participate in the planning and implementation of information security technology projects. Serve as point-person and subject matter expert for issues and projects related to Cyber Security Counter Threat Operations
- Collaborate as appropriate with leadership and other key stakeholders

Job Qualifications:
Required:
- Knowledge of industry recognized analysis frameworks (Kill Chain, Diamond Model, MITRE ATT&CK, NIST Incident Response, etc.)
- BS in Computer Science, Computer Engineering, Cyber Security, Forensics and/or equivalent work experience
- Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and adaptive learning
- Thorough understanding of fundamental security and network concepts (operating systems, intrusion detection, TCP/IP, ports, etc.)
- Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule (including occasional shift work)

Preferred:
- Experience with network monitoring in a SOC environment
- Security certifications (e.g. Security+, GCIA, GCIH, CEH, CFCE, OSCP, etc.)
- Experience and knowledge conducting cyber threat analysis originating from phishing emails
- Previous experience working with network tools and technologies such as firewalls (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms
- Effective organizational, analytical and independent problem solving skills