Vacancy expired!
- Write detection signatures, tune systems / tools, develop automation scripts and correlation rules.
- Maintain knowledge of adversary Tactics, Techniques, and Procedures (TTP).
- Troubleshoot problems with log parsing and SIEM configuration.
- Maintain internal knowledge bases such as mapping of detections to MITRE ATT&CK matrices, kill chains, and other attack models.
- Coordinate with and support work by third parties such as Managed Security Service Providers (MSSPs) and professional service providers.
- Work with internal teams to onboard new log sources and develop threat models.
- Identify and hunt threats within the Cox environment.
- Contribute to projects, meetings, and ad-hoc requests.
- Support and train TDR analysts.
- Support development of SOC standard operating procedures and processes.
- Detect and respond to workstation, server and network incidents using SIEM, behavioral analytics, and network analysis.
- Review and respond to escalated security events from TDR analysts.
- Respond to service provider network attacks affecting Cox critical network infrastructure and the cloud environment.
- Four or more years of technical experience in the information security field.
- Four or more years of practical experience in an incident response role.
- Experience in the application of Incident Response methodologies.
- Experience working with a SIEM with the ability to understand and modify threat detection rules.
- Experience with open source intelligence (OSINT) feeds.
- Strong knowledge and experience with the Windows and Linux operating systems.
- Working knowledge of cloud technologies such as Amazon, Azure and Google.
- Experience using Python, PowerShell, or equivalent scripting language.
- Strong knowledge of network protocols, web servers, authentication mechanisms, anti-virus and server applications.
- Ability to execute under pressure.
- Ability to perform independent analysis, distill relevant findings and root cause.
- Ability to communicate complex ideas clearly and effectively using written and verbal communication.
- BS in Computer Science, Information Systems, Engineering, etc.
- Cloud technology experience and incident response techniques.
- Experience with endpoint security agents (Carbon Black, CrowdStrike, etc.).
- Maintains an industry certification such as GCIH, CCIA, GIAC, CISSP, or CISM.
- Experience with network forensics and associated toolsets (Suricata, Wireshark, PCAP, tcpdump, etc.) and analysis techniques.
- Experience with host-based detection and prevention suites (Microsoft SCEP, Carbon Black Response, OSSEC, etc.).
- Understanding of log collection and aggregation techniques, such as Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF), etc.