Experience:

• 2 - 4 years of experience in Security Operation Center (SOC), Cyber Security, and Information Security within an enterprise environment.
• Experience with Windows and Linux, server and application hardening process.
• Experience supporting one or more information security technologies.
• Mandatory experience in Azure, EDR, XDR (Crowdstrike, Windows Defender), SOAR, SIEM Tools (e.g., Splunk, Rapid7, ArcSight, McAfee Nitro), Palo Alto, Cisco and one of the following: IDS/IPS, database activity monitoring, multi-factor authentication, web content filtering, encryption, and encryption key management, DLP, change detection.
• Working knowledge of TCP/IP stack & familiarity with common protocols e.g., HTTP, FTP, SMTP, DNS.
• Familiarity with network and application threats such as DoS/DDoS, SQL injection, XSS, reconnaissance scanning, and methods to avoid detection.
• Working knowledge of compliance, and regulatory requirements, such as Payment Card Industry (PCI), Sarbanes-Oxley (SOX), and Healthcare Information Privacy Protection Act (HIPAA).
• Experience with vulnerability scanning tools such as Nessus, Acunetix, Qualys, or Metasploit a plus.
• Have scripting experience with Bash, PowerShell, or Python and the ability to use these skills to aid in responding to incidents involving Windows, Linux, and Mac hosts.
• Be familiar with the MITRE ATT& CK Framework and/or Cyber Kill Chain.
• InfoSec certification are a plus such as CISSP, CompTIA Security+, GIAC Security Essentials, & CEH
• Have strong oral and written communication skills Strong interpersonal and leadership skills.

Responsibilities:

• Triage security incidents identified by SOC analysts.
• Identify enhancement to rule sets and other tool optimization to automate reporting and reduce false positives in unified SIEM and review with manager / senior team members for implementation.
• Coordinate with SOC manager to escalate security issues to other business units including solutions development, customer hosting and corporate IT.
• Collaborate with business units to prioritize vulnerability remediation and execution of planned activities.
• Subscribe to threat intelligence services and monitor vendor alerts for major vulnerability disclosures.
• Monitoring of advanced security tools, perform analysis of dissimilar indicators, correlation of multiple sources, alert & coordination of security incidents across the environment.
• Review & analyze system logs and third-party management products to preemptively detect, take defined corrective actions and alert process/system owners to new issues.
• Assist with creation and maintenance of security incident response procedures.
• Participate in research and assist implementation of security tools used by SOC team.
• Assist SOC manager with dashboards and business reporting.
• Ready to work in rotational 24/7 shift.