Senior Advanced Security Engineer/Analyst - SOC Tier 3
We are hiring for a Tier 3 Senior Advanced Security Engineer to perform incident response triage and analysis using network security tools in a SOC environment, contributing to an Enterprise-level Financial Institution. Primary tools include Endpoint Detection and Response (EDR), SIEM, Network Full Packet Capture, and a Malware Sandbox. The role applies Advanced Persistent Threat (APT) procedures and systems to respond to complex threat behaviors or indications that require experts to hunt for and characterize Advanced Persistent Threats.
Reviews asset discovery and vulnerability assessment data. Explores ways to identify potential threats that may have found their way inside the network, without detection, using the latest threat intelligence. Conducts penetration tests on production systems to validate resiliency and identify areas of weakness to fix. Recommends how to optimize security monitoring tools based on threat hunting discoveries.
Assesses threat tickets generated by Tier 1 or 2 Analysts and leverages emerging and known threat intelligence to identify affected systems and the scope of the attack. Reviews running processes on these systems for further investigation in order to determine and direct remediation and recovery efforts.
Work Experience / Skills:
InfoSec experience, preferably in a CIRT / SOC environment
Networking, TCP / IP, switching/routing/firewall experience.
Network analysis, with a focus on security, tcpdump, windump, wireshark.
SysAdmin skills (Linux/Mac/Windows); programming (Python, Ruby, PHP, C, C#, Java, Perl, and more)
Experience with host-based triage, forensics, and malware analysis using Endpoint Detection and Response (EDR) tool
Experience analyzing network traffic with network monitoring toolset
Experience analyzing log events and alerts in a SIEM environment
Experience using a malware sandbox, vulnerability management software, CVEs, patch analysis, threat analysis
Experience with application penetration testing (e.g., Metasploit) and network security (e.g., firewalls, IDS / IPS, NAC, VPN, SDN).
Experience with cloud security is a big plus (e.g., AWS, Azure, GCP)
Bachelor's Degree in Computer Science, Information Technology or Cybersecurity related field.
Minimum 3+ years of highly relevant experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) and/or a Cyber Security Operations Center (CSOC)