Job Description

A lead technical role in the CyberSecurity Security Operations Center (CSOC) responsible for providing
operational support on monitoring the MSSP platform and incident response. Primary responsibility will be

to follow procedures to triage and investigate security alerts, monitor and respond to security
threats, investigate cases, and take immediate action or recommend a course of action to
mitigate the threat. Facilitates the ingress, implementation, and egress of complex client trouble/change
requests for managed premise, cloud, NextGen firewall, DDoS, Threat Intelligence, and Secure
Log Management products. Provides mentoring, training, and escalation support to Security Analysts
and is involved with maturing incident response procedures and evaluating new security technologies.
Represents security operations as technical lead and point of escalation with clients, vendors, and
internal corporate organizations. Takes ownership and leads on projects.

Responsibilities:

• Serve as Tier 3 level for complex technical and procedural escalations;
• Provide technical lead support to clients, vendors, and coworkers as required;
• Responsible for the development and execution of incident response plans for escalated response processes;
• Proactively identify indicators of compromise and generate and execute Incident Response Plan upon detection;
• Provide Incident remediation and prevention documentation;
• Handle User and Entity Behavior Analytics (UEBA) use cases of potential security incidents and security events in accordance with SOC processes and procedures;
• Identification and resolution of complex issues in customer environments. Develop resolution and implementation plans;
• Research, analyze and identify potential vulnerabilities and security deficiencies;
• Initiate escalation procedure to counteract potential threats/vulnerabilities;
• Research and implement customer-generated change requests for MSSP products;
• Perform tasks associated with the installation, turn up, and maintenance of security infrastructure and escalation of same;
• Conduct security training, new hire training, and network impact reviews;
• He/she will be part of a rotating SOC shift and will need to manage their schedule accordingly so to ensure there is coverage during SOC shifts.

Requirements:

• 5 - 10 years of professional work experience in Information Security with at least a couple of years of SOC based experience;
• Demonstrated proficiency in exercising a detailed depth and breadth of technical subject knowledge;
• Possible security technology certifications (e.g. CISSP, SANS (GCIA, GCIH, GSEC));
• BS/BA degree in Computer Science, Information Technology, or related discipline or equivalent experience;
• Strong analytical skills to define risk, identify potential threats, document and develop action/mitigation plan;
• A passion for information security and data security;
• Knowledge/experience with Operating Systems (e.g. Windows Server, CentOS Linux);
• Knowledge/experience of networking and firewalls (e.g. Cisco, Palo Alto, Checkpoint, Juniper, Fortinet, Sophos, Radware);
• Working knowledge of Elastic Stack (Elasticsearch, Kibana) and Log Management/SIEM (e.g. Splunk, QRadar, ArcSight);
• Good to have programming and scripting skills (e.g. C++, Bash, Python, Perl, Powershell);
• Foundational Knowledge of Enterprise Anti-Virus, IDS, Full Packet Capture, and Host/Network Threat Analysis;
• Knowledge of Threat Monitoring Procedures;
• Experience with securing various environments preferred;
• Experience working a SOC and doing incident response is preferred.