SOC - Senior Engineer

Purpose/Objective

The person is responsible for leading incident investigation and taking remediation action for other teams. This role requires hands-on technical expertise and ability to communicate effectively the person is responsible for the collection, analysis and validation of all Security information and event activities that impact the organization either from within the network or outside its network.

Key Responsibilities of Role

Responsible for handling day-to day operations to monitor, identity, triage and investigate security events from various Endpoint (EDR), Network and Cloud security tools and detect anomalies, and report remediation actions. Responsible for detecting and responding to security incidents, coordinating cross-functional teams to mitigate and eradicate threats. Effectively investigative and identify root cause findings then communicate findings to stakeholders including technical staff, and leadership. Work with key stakeholders to implement remediation plans in response to incidents. Author Standard Operating Procedures (SOPs) and training documentation when needed. Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty. Responsible for working in a 24/7 environment including night shifts and the shifts are decided based on the business requirement. Conduct malware analysis, host and network, forensics, log analysis, and triage in support of incident response. Security Utilize state of the art technologies such as host forensics tools (FTK/Encase), Endpoint Detection & Response tools, log analysis (Sentinel) and network forensics (full packet capture solution) to perform hunt and investigative activity to examine endpoint and network-based data. Recognize attacker and APT activity, tactics, and procedures as indicators of compromise (IOCs) that can be used to improve monitoring, analysis, and incident response. Develop and build security content, scripts, tools, or methods to enhance the incident investigation processes.

Technical Competencies

Incident Detection and Response,Digital Forensics and Malware Analysis,Security Tools and Technologies,Scripting and Automation for Security Operations

Qualifications and Experience

Educational qualifications: Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent). Advanced certification desirable GCIH, GCIA, GCFE, GREM, GCFA, GSEC Experience: Minimum 5-10 years in an Incident Responder/Handler role Strong experience in SIEM (Security Incident and Event Monitoring) processes and Products (e.g., ArcSight, Microsoft Sentinel etc.) Full understanding of Tier 1 responsibilities/duties and how the duties feed into Tier 2. The ability to take lead on incident research when appropriate and be able to mentor junior analysts. Advanced knowledge of TCP/IP protocols Knowledge of Windows, Linux operating systems Knowledge of Intrusion Detection Systems (IDS) and SIEM technologies; Splunk or Sentinel experience Knowledge on threat hunting Deep packet and log analysis Some Forensic and Malware Analysis Cyber Threat and Intelligence gathering and analysis. Bachelor’s degree or equivalent experience