Security Operations Center - Tier Iii

 Position Title: Security Operations Center - Tier III  (P4)

Company Summary:

Crown Castle is the nation’s largest provider of shared communications infrastructure: towers, small cells, and fiber. It all works together to meet unprecedented demand—connecting people and communities and transforming the way we do business. Whenever you make a call, track a workout or stream music and videos, we’re the ones providing the communications infrastructure that makes it all possible. From 5G and the internet of things to drones, autonomous vehicles and AR/VR, we enable the technologies that help people stay safe, connected, and ready for the future. Crown Castle is publicly traded on the S&P 500, and one of the largest Real Estate Investment Trusts in the US, with an enterprise value of ~$100B.

We offer a total benefits package and professional growth development for teammates in any stage of their career. Along with caring for our teammates, we’re an active member in the communities where we live, work, and do business. We have a responsibility to give back, which we do through our Connected by Good program. Giving back allows us to improve public spaces where people connect, promote public safety and advance access to education and technology.

Role

Under the leadership of the Manager, Security Operations Center (SOC), the SOC Analyst – Tier 3 (SOC3) will ensure delivery of the highest level of service in the support of conducting security event monitoring and analysis as well as incident response. Responsibilities will include the day-to-day (24x7) operations to include the application of analytic and technical skills to investigate intrusions, identify malicious activity and potential insider threats, and perform incident response. The SOC3 will also work other SOC and threat management staff with development and enhancement of existing detection and response capabilities including creation of SIEM content, IDS rules, SOP documentation, and implementation of incident response methodologies.

Essential Job Functions

• Perform operational 'eyes on glass' real-time monitoring and analysis of security events from multiple sources including but not limited to events from SIEM monitoring tools, network and host-based intrusion detection systems, firewall logs, system logs (Unix & Windows).
• Conduct active and passive analysis of network traffic, operating systems, and host activity across all technologies and platforms, through security tools and sandbox environments.
• Perform incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts.
• Design, deploy, and validate automations.
• Design, deploy, and validate security configurations.
• High understanding of processes related to threat correlation and mitigation.
• Process SOC tickets as well as assist in processing IT Security Helpdesk tickets.
• Responsible for responding to security incidents (malware infections, unauthorized access, malicious emails, DDoS attacks) and elevating to Threat Management team as needed.
• Analyze security event logs and alerts to determine validity, priority and impact against both security threat best practices and corporation policies.
• Evaluate the type, nature and severity of security events with a range of security event analysis tools.
• Works with Senior Enterprise Security staff as well as the Computer Security Incident Response Team on a day-to-day basis.
• Assist in defining and maintaining protocols and maturing ‘playbooks' of operational response to cyber threats.
• Develop and maintain policies, processes, and procedures to ensure reliable and effective SOC operations.
• Collaborate across organizational lines and develop depth in cyber security discipline and technologies.

Education/Certifications

• Bachelor's degree in IT or Computer Security or comparable years’ experience.
• Must have at least one of the following certifications: CISSP, CCE, PMP, GSEC, CCNA Cyber Ops, CISF-GIAC Information Security Fundamentals, CISM, CRISC, Security+, CEH and GISF
• Splunk User Certification, Splunk Power User Certification, Splunk Admin Certification, a plus

Experience/Minimum Requirements

• 5+ years of experience in IT Security monitoring
• Tier 3 incident response experience
• Experience in SIEM event auditing, log review and incident response
• IT experience in SIEM with a concentration on Linux. Windows and Linux System administration preferred

 Other Skills/Abilities

• Demonstrates a profound sense of ethics, integrity, and confidentiality
• Finds common ground and viable solutions to complex problems in a compelling manner while maintaining a professional composure
• Influences across a diverse discipline in a collaborative, risk aware manner
• Organized, responsible and highly thorough problem solver
• Proven ability to create and build new processes
• Great verbal and written communication skills and attention to detail
• Self-starter who can work independently as well as in a team setting
• Works well with people from different areas of the business
• Ability to simplify complex technical topics
• Ability to learn, understand, and apply new technologies
• Ability to design and implement effective policies to achieve consistent team results.
• Demonstrates a "learning agility" to remain current in subject matter expertise
• Experience documenting enterprise security events
• Navigate ambiguity; Is adaptable to, and champions change
• Giving and receiving effective feedback across all interactions

Organizational Relationship

Reports to:  Manager, Security Operations Center

Title(s) of direct reports (if applicable):  NA

Working Conditions: Fully-remote position working in a 24x7 response operation center setting with no exposure to adverse environmental conditions. 

This is a remote role with the expectation of on-site/in-person collaboration with teammates and stakeholders for moments that matter and may require up to 5% travel.

Additional Information: Crown Castle has a COVID-19 Vaccine Policy in place requiring vaccination by your employment start date, unless approved for an accommodation or otherwise prohibited by law.

For New York City, Colorado, California and Washington residents - The hiring range offered for this position is $100,700 - $144,700 annually. In addition to salary, employees are eligible for an annual bonus of up to 20% of annual salary and restricted stock. Employees (and their families) are eligible for medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan. Employees will also receive 18 days of paid time off each year and 12 paid holidays throughout the calendar year.

#LI-MP1

#LI-Remote