We're looking for a candidate for this position at an exciting company.
Provides Security Operations Center (SOC) leadership.
Manages shift schedules for 24x7x365 coverage.
Acts as subject matter expert on investigations.
Defines internal operating procedures.
Drives innovation in SOC capabilities.
Establishes training programs for SOC team members and ensures that each member is progressing according to plan.
Work assigned shifts as part of 24x7x365 coverage of Tier 2 SOC duties.
Perform triage of alerts from intrusion detection systems, antivirus, cloud-based services, Windows servers, network infrastructure, data loss prevention systems, and user behavior analytics.
Escalate alerts into incidents based on severity, prioritizing them for follow-on incident response (IR) activities.
Provide feedback on process improvements, including how to eliminate false-positive alerts from the SOC workflow.
Collaborate with managed service providers and clients to handle inbound requests for information from the SOC during normal duty hours.
Participate in ongoing skill development to build IR skills and assist in complex investigations.
Lead technical projects to improve the overall security posture.
Lead IR teams during incidents with our customers or internal business units.
Interface with our customers on threats, concerns and issues.
Bachelor's degree in Computer Science, Information Systems, Electrical Engineering, Computer Engineering or a related cybersecurity field of study, or equivalent experience.
Academic and/or working experience with TCP/IP networking and network services such as DNS, SMTP and DHCP.
Advanced knowledge of Windows, macOS and Linux-variant operating systems, including file system structure, system services, and the typical behavior of endpoints and servers.
Advanced knowledge of cloud-based productivity services such as Google G Suite and Microsoft Office 365.
Experience with Amazon Web Services and Microsoft Azure.
Comprehensive grasp of incident handling procedures, the Cyber Kill Chain and the MITRE ATT&CK framework.
Ability to work both independently and cooperatively with peers, across teams, and with management.
Excellent analytical skills.
Excellent communication, presentation and listening skills.
Excellent organizational and time-management skills, and the ability to multi-task and prioritize.
Flexibility and adaptability to change.
Formal cybersecurity training or certifications in relevant fields, including IR, intrusion analysis, penetration testing or hands-on system administration, are a plus.