- Quickly understand and use the company's SOC technologies, including but not limited to a Security Information and Event Management (SIEM) platform, Intrusion Detection System (IDS), Endpoint Detection and Response (EDR) solution, and insider threat tooling. Ability to quickly learn the SIEM solution and create or customize dashboards that make the best use of the available data.
- Act as an internal expert on matters relating to intrusion detection and incident response (IR).
- Respond to security events and threats raised through alerting, escalations, and other sources. Own security incident response activities from triage through recovery and closure.
- Lead complex investigations and conduct deep analysis of security events, across various company security platforms, focused on rapid containment and remediation.
- Perform Threat Hunting activities when not involved in IR activities.
- Work closely with security engineers to improve monitoring, detection, tooling, and integrations.
- Track industry cybersecurity attacks and vulnerabilities and work proactively to address the resulting cyber risks (for example, SolarWinds and Log4j).
- Provide high quality written and verbal reports, as required.
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a similar field preferred.
- 1+ years of Security Operations Center (SOC) and Incident Response (IR) experience.
- CrowdStrike administration and advanced utilization is a big plus.
- Understands threat analysis models such as the MITRE ATT&CK framework and the Cyber Kill Chain.
- Experience with a variety of operating systems and the threats that target them, including Windows, Linux, and macOS.
- Cloud security experience with AWS and Office 365.
- Experience querying across large data sets to understand complicated, hard-to-solve problems; this is critical to getting value from the various SOC technologies.
Commitment to Equal Opportunity