SOC Lead

US/Remote
Security
Job ID 2819

Responsibilities: 

The Security Operations lead will be part of the Security Operations Center team. Primary emphasis will be placed on daily monitoring and review of network, system, and application events to identify potential security incidents.

The Security Lead may be required to:

  • Monitor and analyze potential infrastructure security incidents in both on-premises and cloud environments to determine whether events qualify as a legitimate security breach
  • Execute the incident response plans and document each response appropriately
  • Perform preliminary log collection and incident response/investigations, cyber forensics, determining the root cause of security incidents and preserving evidence for potential legal action
  • Interface with technical personnel, third-party MXDR vendors and other non-technical teams as required for various projects
  • Initiate the escalation procedure to counteract potential threats/vulnerabilities
  • Appropriately inform and advise team leads and managers on incidents and incident prevention
  • Document and conform to processes related to security monitoring
  • Participate in knowledge sharing with other analysts and develop solutions efficiently
  • Lead cyber-readiness efforts, cyber war games, and breach and attack simulations
  • Manage and maintain the integrity of the SIEM platform(s)
  • Provide support as part of an on-call rotation in the Security Operations Center

Required Qualifications

  • 7+ years’ experience in security incident response.
  • Experience with and knowledge of TCP/IP, Web, Linux, Windows and related technologies.
  • Experience implementing Security Information and Event Management (SIEM) solutions (LogRhythm, Devo, ElasticSearch, Splunk).
  • Experience reviewing and correlating raw log files in a security capacity (SIEM, AV, IDS, Firewall, Servers, Database, etc.).
  • Strong understanding of regular expressions and pattern matching.
  • Strong understanding of monitoring Azure and AWS environments.
  • Experience with command-line and network tools (ping, traceroute, etc.).
  • Ability to conduct packet analysis using common tools (tcpdump, Wireshark, etc.).
  • Working knowledge of intrusion tools and techniques and of detection methods at both the network and host level.
  • Knowledge of common detection and prevention technologies such as AV, IDS/IPS, DLP, Proxy, Firewalls, etc.

Senior Security Engineer

US/Remote
Security
Job ID 2776

Responsibilities: 

The Senior Security Engineer will be responsible for developing and implementing security solutions, including but not limited to: access management, cryptography, data loss prevention (DLP), emerging technologies (e.g., cloud, mobile), endpoint security, malware analysis and protection, incident response, network and perimeter security, and web and mobile application security spanning global footprints, offices, datacenters, and business units. In addition, this role will serve as a cross-functional resource to share security insight and best practices with other teams, ensuring security best practices are incorporated into the design, build, and deployment of iconectiv’s public and private infrastructure.

Requirements:

Candidates for this role must have direct experience with the following:

  • Deep understanding of security fundamentals, including operating systems, networking, virtualization, identity and access management, and security countermeasures.
  • Strong understanding of application security testing, OAuth frameworks, the OWASP Top 10, and penetration testing.
  • The ability to analyze and evaluate the design and operating effectiveness of IT and security controls that protect systems from intentional or inadvertent modification, and to evaluate established practices against regulatory and industry benchmarks.
  • Experience with many of the following technologies: Web Application Firewall, DLP, HIPS, NAC, File Integrity Monitoring, EDR tools, enterprise anti-malware solutions, wireless security.
  • Knowledge of information security and information technology industry risks, solutions, and mitigating controls.
  • The candidate will act as a primary stakeholder in the Change Management Approval Board and in the organization’s system engineering function.

In addition, a qualified candidate must have:

  • 8 years of related experience with a Bachelor’s degree, or equivalent experience.
  • Excellent verbal and written communication and public speaking skills.
  • Security certifications such as CISSP, CISM, GIAC, CISA, or CRISC are preferred.
  • The ability to obtain a government security clearance.
  • A record of maintaining professional and technical knowledge by attending educational workshops, reviewing professional publications, establishing personal networks, benchmarking state-of-the-art practices, and participating in professional societies.
  • Experience with the following industry/regulatory requirements and frameworks: ISO 27001, SOC 2, PCI DSS, SOX, NIST SP 800-53, NIST CSF.

Additional Skills:

  • Has broad expertise or unique knowledge and uses it to contribute to the development of company objectives and principles and to achieve goals in creative and effective ways.
  • Works on significant and unique issues where analysis of situations or data requires an evaluation of intangibles; exercises independent judgment in methods, techniques and evaluation criteria for obtaining results.
  • Acts independently to determine methods and procedures on new or special assignments; may supervise the activities of others.