- You will be working on all phases of the detection, investigation and resolution of cyber security events flagged by the various detection systems in use at CDL.
- You will also work closely with other members of the Cyber SOC team to run investigations into the root cause of security events, escalating to the Technical Security, vulnerability and problem-management teams where necessary.
- You will work with various internal and external Cyber SOC-related stakeholders to make sure that our customers security posture is always being strengthened as we work to continually improve security configurations, practices and processes.
- You will be responsible for becoming a subject matter expert on the network and security posture of the customer’s you are assigned to.
- You will be responsible for pro-actively looking for security trends and making recommendations within a customer’s environment.
- You will be responsible for tuning alerts and rules.
- Document Security process and procedures.
- Support service request in-take process and communicate back to requestors promptly
- Ancillary activities that you would be involved in may include providing security-related assistance to internal staff members, running and interpreting the results of vulnerability scans for Technical Security/CSIRT team and applying commonly used information security standards with respect to the systems being used in the Cyber SOC / CSIRT (e.g. ISO 27001, SOC2 and GPG 13).
- Other duties and responsibilities as assigned
- This position will sit in the 24/7 Cyber Defense Center and will involve shift work including day, evening and weekend roles.
- Passion and enthusiasm for Cyber Security.
- 3 to 5 years’ experience of working in a high-performance SOC team in a cyber-security focused organization.
- Experience with an enterprise-grade SIEM platform (e.g. LogRhythm, AlienVault, ArcSight, QRadar, McAfee).
- Working knowledge in network access control, intrusion prevention and detection systems, firewalls, routers, incident response, information security methods, and risk management
- Experience in high volume environments that handle millions/billions of records per day.
- Experience in Security Event analysis & triage, incident handling and root-cause identification.
- Specialty in one or more of the following Information Security domains:
- Cyber Intelligence Analysis, Threat Monitoring, Incident Response, Machine Learning & Artificial Intelligence, Malware Analysis, Computer Forensics, Endpoint Protection, Network Security, Infrastructure Security, Application Security, Platform Security, Identity & Access Management, Security Education & Awareness, Vulnerability Scanning & Management, and Compliance & Risk Management
- Well versed in TCP/IP and other network protocols
- Ability to review and understand packet captures and netflow
- Experience with Red/ Blue team exercises.
- Excellent team-working skills, and a "can do, let's get it done" attitude is crucial.
- A desire to keep learning, extending your skills and pushing the boundaries of your knowledge.
- Excellent verbal and written communication skills
- Elasticsearch, Logstash and Kibana (ELK) experience. Bro and Fluentd experience.
- Ability to write and understand scripts in languages such as Python, Ruby, Bash, etc
- Ability to write and understand complex regular expressions (PCRE).
- Event Detection tools (e.g. FireEye, Palo Alto, Fortinet, Carbon Black, Cylance)
- Experience with 'big-data' platforms such including Hadoop, HDFS, Apache Spark etc.
- IDS/IPS (e.g. TippingPoint, Sourcefire, Snort, Suricata)
- Security related certifications, for example CISSP, GCIH, CEH, OSCP, Security+.
- An undergraduate or higher degree in computing with a strong security component.
- College Degree in Cyber Security or Information Technology or equivalent work experience.
- Certifications like Security+, CEH, GCIH
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Cyber Defense Labs, LLC
Cyber Defense Labs specializes in helping clients reduce business risk BEFORE, DURING and AFTER a cyber incident. The Company provides end-to-end cybersecurity services.
Company Website: www.cyberdefenselabs.com
(if you already have a resume on Indeed)