Top Skills Details
1. Senior SOC experience. Having the ability to respond to and remediate escalated security alerts using a number of technologies, including SIEM, network, server, and endpoint tools. Being able to communicate across teams to respond to these alerts in a timely fashion.
2. Ability to select new security technology, and understanding of the selection process from beginning to end. This includes making recommendations to leadership, writing a scoping document, obtaining trial licenses, etc.
3. Malware and incident response experience. (Carbon Black is used in house.)
Our client is looking to add a security analyst to their team. This person will report to the SOC Manager, will be on the SOC team, and will resolve elevated alerts handed over from junior analysts. The person will focus on threat detection and remediation. This company currently uses Carbon Black, so prior experience administering this tool would be great but is not necessary coming in. General security analysis experience is required for this role. This is an enterprise organization with facilities around the globe. This is a great opportunity for an individual to get their foot in the door on a tight-knit, highly skilled security team. There are a lot of skilled people to learn from.
***Client Job Description***
Responds to elevated alerts after being given a synopsis from lower-level analysts. Establishes rapport with all teams across a global environment, in some cases where English is a second language. Interacts closely with the infrastructure (server) team, global network team, and desktop support teams to ensure alerts are fully remediated. Requires excellent written and verbal communication skills. Ability to investigate all aspects of an incident from detection onward, and to respond while analyzing each stage of the attack lifecycle under investigation. Be able to recognize and evaluate the risk severity rating beyond the level already indicated by lower-tier analysts. Triage more critical risks readily and be available for 24/7 on-call support after hours. Be able to write up incident response notes and full, detailed reports on events after the investigation is complete.
Be familiar with SIEM, endpoint, network intrusion prevention, firewall, proxy, WAF, and SOAR technologies while responding to alert tickets. A good understanding of network layouts, protocols, and investigation tools such as WMIC, bash, DOC, and PowerShell commands. Familiarity with Windows Active Directory infrastructure, organizational units, access control (rights and permissions), group policy objects, and more. Firm understanding of network subnetting, VLANs, typical TCP/IP and other protocol network troubleshooting, and investigative commands like tcpdump. Be able to capture and read network packets using tools like Wireshark. Familiarity with threat actors and their motivators, the dark web, malware constructs and threat vectors, and the ability to recognize abnormal file system and network behavior.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information, or any characteristic protected by law.
If you would like to request a reasonable accommodation, such as the modification or adjustment of the job application process or interviewing process due to a disability, please call 888 472-3411 or email accommodation@teksystems.com for other accommodation options.