Requirements
Job Description
10 or more years of full-time professional experience in the Information Security field
Experience working in a Security Operations Center (SOC), Managed Security Service (MSS), or enterprise network environment.
Investigate events and incidents to gather evidence and analyze in a comprehensive, consistent, and measurable manner.
Evaluate, respond, and mitigate alerts that originate from the SIEM and other security tools.
Hunt for suspicious and malicious threats within the environment.
Identify common false positives and make suggestions on tuning to reduce alert-fatigue.
Join forces with the internal Security Incident Response Team (SIRT) during investigations.
Author investigation reports for technical and non-technical audiences.
Qualifications
Queue management
Experience with SIEM platforms preferred
Familiarity with web-based attacks and the OWASP Top 10 at a minimum
Attack vectors and exploitation
Direct (e.g. SQL injection) versus indirect (e.g. cross-site scripting) attacks
Familiarity with SANS top 20 critical security controls
Understand the foundations of enterprise Windows security including:
Active Directory
Windows security architecture and terminology
Privilege escalation techniques
Common mitigation controls and system hardening
Experience monitoring EDR, Anti-Virus (AV) and Host-Based Intrusion Prevention Systems (HIPS)
Experience in monitoring at least one commercial AV solution
Ability to identify common false positives and make suggestions on tuning
Understanding of root causes of malware and proactive mitigation
Propagation of malware in enterprise environments
Familiarity with web-based exploit kits and the methods they employ
Familiarity with concepts associated with Advanced Persistent Threats and “targeted malware”
Understanding of malware mitigation controls in an enterprise environment
Network Based Attacks / System Based Attacks
Denial of Service Attacks
HTTP Based DoS Attacks
Network Based DoS Attacks
Brute force attacks
Covert channels, egress, and data exfiltration techniques
Desired Qualifications
Experience working with Incident Ticketing Systems
General security knowledge (GCIA, CISSP, or other security certifications)
Any Graduate