Job Details
Job Description
- Part of the SOC team that runs 24x7, on a rotating shift schedule
- Provide initial investigation of security incidents
- Conduct secondary triage and analysis on escalated events and initial remediation for escalated incidents
- Profile and trend events in the environment to determine if an incident needs to be created
- Provide communication and escalation throughout the incident per the corporate security incident response guidelines
- Communicate directly with data asset owners and business response plan owners during high severity incidents
- Hunt for suspicious anomalous activity based on data alerts or data outputs from various toolsets
- Perform analysis of log files
- Take an active part in the containment of incidents, even after they are escalated
- Escalate issues when necessary
- Assist continuous improvement of processes and work with Applications teams to improve alerts and rules in the incident monitoring systems
Job Requirements
- College Degree in Computer Science or equivalent
- 2+ years of prior experience in a similar position at Tier 2 SOC level
- Experience with analysis and inspection of log information, packets, and other security tool information output from a variety of sources
- Exposure to network devices, Microsoft Windows systems, UNIX systems, and other security assessment tools (NMAP, Nessus, Metasploit, Netcat, etc.)
- Knowledge of log formats for syslog, HTTP logs, and DB logs, and how to gather forensic evidence for traceability back to the originating event
- Knowledge of packet capture and analysis
- Experience with log management or security information management tools
- Ability to make information security risk determinations
- Familiarity with network security zones, basic reverse engineering principles, and understanding of malware rootkits, proxies, TCP/UDP packets, DNS, SMTP, and HTTP
- Effective verbal and written communication skills