SUMMARY
The Security Engineer II GSOC is responsible for all aspects of onboarding and troubleshooting for SentinelOne and AlienVault for all MDR engagements.
The Security Engineer II GSOC provides onboarding support, SentinelOne agent installation, troubleshooting the issues if any, sensor deployments in AlienVault and deployment of other components in SIEM solutions, log source onboarding in SIEM, and related activities for all active engagements. The Security Engineer II GSOC supports overall implementation by providing necessary support for current matters. The Security Engineer II GSOC role takes direction on what is needed regarding all aspects of SentinelOne and AlienVault for the engagements. The Security Engineer II GSOC works with the MDR team to support SentinelOne installations, interoperability issues, exclusions, whitelisting, and overall troubleshooting. The Security Engineer II GSOC ensures that SentinelOne is deployed to a client’s environment they are fully protected by it and clients opting for SIEM solutions are aptly covered from security standpoint.
ROLES & RESPONSIBILITIES
-
Communicates with the client to initiate the onboarding
-
Manages the project governance and leads weekly/monthly status call with client to ensure there are no gaps
-
Acts as the first escalation point of contact to ensure all the issues are tracked and resolved in timely manner
-
Tracks all SentinelOne-related inquiries and tasks for all running projects
-
Trains team members on SentinelOne and its related component and engages with clients as needed to showcase the demonstration of new features
-
Leads technical training and acclimation for clients to familiarize themselves with the SentinelOne interface and functionalities
-
Drives all AlienVault deployments with customers
-
Ensures and creates use case preparation on the tool
-
Develops custom parsers for applications to onboard them to SIEM solutions
-
May perform other duties as assigned by management
SKILLS AND KNOWLEDGE
-
General understanding of API queries
-
General understanding of scripting
-
General understanding of developing PowerShell scripts and writing batch files for ad hoc requirements
-
Thorough understanding of Windows and Unix Intervals
-
General understanding of information security
-
Thorough understanding of analysis techniques for reviewing large datasets
-
General understanding of TCP/IP and OSI Model
-
Thorough understanding of the Incident Response Life Cycle (Preparation, Identification, Containment, Eradication, Recovery, Lesson Learned)
-
General understanding of the MITRE ATT&CK framework
-
Ability to communicate in both technical and non-technical terms both oral and written
-
General understanding of:
-
Network Security Monitoring (NSM), network traffic analysis, and log analysis
-
Penetration Testing / Vulnerability Scanning
-
Thorough understanding of enterprise security controls in Active Directory / Windows environments
-
Experience with hands-on penetration testing against Windows, Unix, or web application targets
JOB REQUIREMENTS
-
Bachelor’s degree and 4-8 years of IT security-related experience or Master’s or advanced degree and 3+ years related experience
-
Current or previous experience with Endpoint Detection and Response (EDR) toolsets
-
SOC/CIRT team experience
-
Applied knowledge in at least one scripting or development language (such as Python)
DISCLAIMER
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.
WORK ENVIRONMENT
While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
-
No physical exertion required
-
Travel within or outside of the state
-
Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects
TERMS OF EMPLOYMENT
Salary and benefits shall be paid consistent with Arete salary and benefit policy.
FLSA OVERTIME CATEGORY
Job is exempt from the overtime provisions of the Fair Labor Standards Act.
DECLARATION
The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.
EQUAL EMPLOYMENT OPPORTUNITY
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Arete Incident Response is an outstanding (and growing) company with a very dedicated, fun team. We offer competitive salaries, fully paid benefits including Medical/Dental, Life/Disability Insurance, 401(k) and the opportunity to work with some of the latest and greatest in the fast-growing cyber security industry.
When you join Arete…
You’ll be doing work that matters alongside other talented people, transforming the way people, businesses, and things connect with each other. Of course, we will offer you great pay and benefits, but we’re about more than that. Arete is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Arete, where experience matters.
Equal Employment Opportunity
We’re proud to be an equal opportunity employer- and celebrate our employees’ differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
