SOC Engineer

Job Summary:

The Senior SOC Engineer is a multi-faceted, challenging role that requires excellent attention to detail, the ability to effectively communicate and influence clients, develop relationships with technical and business contacts, coordinate delivering, operations, and project resources, and follow tasks through to completion. The ideal candidate would have a strong problem-solving skills and analytics aptitude. This person is a main point of contact in security posture monitoring and threat response activities and is directly responsible for troubleshooting security events. This role will provide the initial analysis during security incidents, establishing the extent of the threat, business impacts, and then advising and performing the most suitable course of action to contain and remedy the incident. The Senior IT Security Engineer must maintain a good knowledge of the threat landscape, help enhance current capabilities, and provide support in the identification of new methods of detecting threats.

Job Duties:

• Acts as a primary point of contact regarding all questions and information including progress, challenges encountered, and issues identified within the SOC
• Provides exceptional client service and develops deliverables and/or solutions to issues
• Identifies, grows, and maintains relationships with client personnel, including members of client management
• Prepares formal and informal presentations for various internal meetings
• Reviews and participates in project plans for the improvement of service delivery
• Facilitates the project plan making updates as directed by the management team
• Manages tasks closely to make sure they are being completed in a timely manner
• Documents information from internal project meetings
• Escalates any issues to senior management, as needed
• Fosters a positive demeanor, learning attitude, and client service mentality with staff
• Other duties as required

Supervisory Responsibilities:

• Supervises the day-to-day workload of Associates within the SOC to ensure that deliverables are met
• Ensures teams are trained on all relevant software
• Evaluates the performance of team members and assists in the development of goals and objectives to enhance professional development
• Delivers periodic performance feedback and completes performance evaluations for teams in accordance with Firm guidance
• Acts as mentor to team members, as appropriate
  

Qualifications, Knowledge, Skills and Abilities:

Education:

• High School Diploma or GED, required
• Bachelor's Degree in Information Technology, Cybersecurity, or Computer Science, preferred

Experience:

• Four (4) or more years examination and remediation experience with cyber security incidents or event reviews involving a range of security products and technologies, required
• Three (3) or more years of experience performing analytics examinations of logs and incidents in an IT Services environment, required
• Three (3) or more years of experience with advanced ticket management with the understanding of security logs and NOC procedures, required
• Three (3) or more years of experience with operating systems, network architecture, and products advanced knowledge, required
• One (1) or more years of experience scripting security events, required
• Three (3) or more years creating or recommending content creation in SIEM/Big Data Solutions, preferred

License(s)/Certification(s):

• Microsoft SC-900, 200, 300 preferred
• Any IT security certifications, preferred

Software:

• Experience with four (4) or more of the following, required:
  
  
  
  • Microsoft Sentinel
  • Information Security tools & packet analyses tools (e.g. CB, Wireshark)
  • Intrusion Detection (e.g. IDS/IPS tools)
  • Firewall troubleshooting
  • Strong Windows and Linux
  • Internet Protocols and Services (e.g. TCP/IP, FTP, HTTPS, SSH)
  • Networking infrastructure
  • Log analysis/ Windows event analysis
  • Network and Host basic forensics
  • Antivirus solutions
  • Troubleshooting and root cause analyses
  
  
• One (1) or more years working with any of the Detection and Response technologies, required:
  
  
  
  • Cortex XDR, XSOAR, Splunk, Elasticsearch, MISP, FireEye AX,EX,NX,CMS, security orchestrator, Cisco NGIPS/Sourcefire, Palo Alto firewall, McAfee, Cylance, Tanium, Snort, Bro, Suricata, Jupyter notebooks, EnCase, Access, Data FTK, volatility, Wireshark, Nessus/Security Center, Nmap, Metasploit pro, Windows Event forwarding, SolarWinds, Logstash, syslog, ysmon, one way data diodes, IDA Pro
  
  

Other Knowledge, Skills, & Abilities:

• Strong verbal and written communication skills
• Excellent interpersonal and client relationship skills
• Ability to work in a deadline-driven environment while handling multiple projects/tasks simultaneously with a focus on details
• Ability to multi-task while working independently or within a group environment
• Ability to work well under pressure while dealing with unexpected problems in a professional manner
• Ability to discuss technology and effectively communicate technical issues with all audiences.
• Must possess good work habits, a strong work ethic, and be able to adhere to company work hours, policies, and standard business etiquette

KEYWORDS: SOC, Networking, Security, Intrusion Detection, Windows, Linux, Internet Protocol, Network Infrastructure, Host and Network Based Forensics, Antivirus Solutions, Troubleshooting, EDR Platform, SIEM Platform, Cyber Security, Cyber, Network Operations Center, Cortex XDR, XSOAR, Splunk, Elasticsearch, MISP, FireEye AX,EX,NX,CMS, security orchestrator, Cisco NGIPS/Sourcefire, Palo Alto firewall, McAfee, Cylance, Tanium, Snort, Bro, Suricata, Jupyter notebooks, EnCase, Access, Data FTK, volatility, Wireshark, Nessus/Security Center, Nmap, Metasploit pro, sysmon, Windows Event forwarding, SolarWinds, Logstash, syslog, one way data diodes, IDA Pro.