Cybersecurity analyst SOC experience needed for Industry leader

MIT Recruit

Alpharetta, GA +2 locations
Full Time
Paid
  • Responsibilities

    Job Description

    CYBERSECURITY THREAT VULNERABILITY ENGINEER / THREAT RESPONSE ENGINEER FOR LARGE ESTABLISHED INDUSTRY LEADER

    The Senior Threat Detection & Response Engineer will serve as a technical expert inside the Security Operations Center (SOC). The Senior TDR Engineer builds, tests, maintains, and troubleshoots security alerts for use by the SOC, and supports complex investigations as necessary. The Senior TDR Engineer will make decisions and recommendations on implementing and improving security monitoring, and will contribute to successful operations within the SOC.

    Successful candidates will demonstrate a strong business acumen and possess a blend of general business, technology and security competencies. This is a unique opportunity to work for a telecommunications company protecting national critical infrastructure.

    Primary Responsibilities:

    • Write detection signatures, tune systems / tools, develop automation scripts and correlation rules.

    • Maintain knowledge of adversary Tactics, Techniques, and Procedures (TTPs).

    • Troubleshoot problems with log parsing and SIEM configuration.

    • Maintain internal knowledge bases such as mapping of detections to MITRE ATT&CK matrices, kill chains, and other attack models.

    • Work with internal teams to onboard new log sources and develop threat models.

    • Identify and hunt threats.

    • Contribute to projects, meetings, and ad-hoc requests.

    • Support and train TDR analysts.

    • Support development of SOC standard operating procedures and processes.

    • Four or more years of technical experience in the information security field.

    • Four or more years of practical experience in an incident response role.

    • Experience in the application of Incident Response methodologies.

    • Experience working with a SIEM with the ability to understand and modify threat detection rules.

    • Experience with open source intelligence (OSINT) feeds.

    • Strong knowledge and experience with the Windows and Linux operating systems.

    • Working knowledge of cloud technologies such as Amazon, Azure and Google.

    • Experience using Python, PowerShell, or equivalent scripting language.

    • Strong knowledge of network protocols, web servers, authentication mechanisms, anti-virus and server applications.

    • Ability to execute under pressure.

    • Ability to perform independent analysis, distill relevant findings and root cause.

    • Ability to communicate complex ideas clearly and effectively using written and verbal communication.

    Preferred:

    • BS in Computer Science, Information Systems, Engineering, etc.
    • Cloud technology experience and incident response techniques.
    • Experience with endpoint security agents (Carbon Black, CrowdStrike, etc.).
    • Maintains an industry certification such as GCIH, CCIA, GIAC, CISSP, or CISM.
    • Experience with network forensics and associated toolsets (Suricata, Wireshark, PCAP, tcpdump, etc.) and analysis techniques.


  • Locations
    Alpharetta, GA • Atlanta, GA • Sandy Springs, GA