The Security Operations Lead will be part of the Security Operations Center (SOC) team. The primary emphasis will be on daily monitoring and review of network, system, and application events to identify potential security incidents.
The Security Lead may be required to:
- Monitor and analyze potential infrastructure security incidents, both on-premises and in the cloud, to determine whether an event constitutes a legitimate security incident or breach
- Execute the incident response plans and document each response appropriately
- Perform preliminary log collection, incident response investigations, and digital forensics; determine the root cause of security incidents; and preserve evidence (maintaining chain of custody) for potential legal action
- Interface with technical personnel, third-party MXDR vendors, and non-technical teams as required for various projects
- Initiate the escalation procedure to counter potential threats and vulnerabilities
- Inform and advise team leads and managers on incidents and on incident prevention
- Document, and adhere to, the processes that govern security monitoring
- Participate in knowledge sharing with other analysts and develop solutions efficiently
- Lead cyber-readiness efforts, including cyber war games and breach and attack simulations
- Manage the SIEM platform(s) and maintain their integrity
- Provide support as part of an on-call rotation in the Security Operations Center
Required qualifications:
- 7+ years' experience in security incident response
- Experience with and knowledge of TCP/IP, Web, Linux, Windows and related technologies.
- Experience implementing Security Information and Event Management (SIEM) solutions (LogRhythm, Devo, Elasticsearch, Splunk)
- Experience reviewing and correlating raw log files in a security capacity (SIEM, AV, IDS, firewall, server, database logs, etc.)
- Strong understanding of regular expressions and pattern matching
- Strong understanding of monitoring Azure and AWS environments
- Experience with command line and network tools (ping, traceroute, etc.)
- Ability to conduct packet analysis using common tools (tcpdump, Wireshark, etc.)
- Working knowledge of intrusion tools and techniques and detection methods at both the network and host level.
- Knowledge of common detection and prevention technologies such as AV, IDS/IPS, DLP, proxies, firewalls, etc.