Cradlepoint is seeking a highly skilled and dedicated Security Specialist to join our Cyber Defense Center (CDC) within Group Security. This role is integral to defending Cradlepoint from cyberattacks originating from external threat actors. You will be responsible for 24x7 security monitoring, incident handling, and proactive threat detection across a complex network. The ideal candidate will possess deep expertise in incident response, threat hunting, and a strong understanding of various security technologies across on-premises and multi-cloud environments.
What You Will Do: Key Responsibilities
- 24x7 Security Monitoring and Incident Handling: Provide continuous security monitoring and conduct end-to-end triage and investigation of all threat detections originating from various technologies across a complex network.
- Incident Response Participation: Actively participate in the full lifecycle of security incidents, from initial detection to containment, eradication, and recovery.
- Detection Analytics Development: Support the use case development of detection analytics to enhance our security monitoring capabilities and improve threat identification.
- Threat Research: Conduct in-depth research into new and emerging threats, actively identifying new Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs).
- Shift Work & Handover: Work effectively in shifts, ensuring efficient and accurate handover procedures to maintain continuous security coverage.
- Process Improvement: Identify and propose improvements in automation and investigation procedures to enhance efficiency and effectiveness within the CDC.
- Collaboration with Red Team: Work collaboratively with the Red Team to identify gaps or weaknesses in existing security coverage and propose remediation strategies.
- Threat Hunting Use Case Creation: Create compelling threat hunting use cases informed by in-depth security research and current threat intelligence.
- SLA Adherence: Strictly adhere to defined Service Level Agreements (SLAs) for all security investigations, ensuring timely responses and resolutions.
Required Qualifications
- A minimum of 7 to 12 years of experience working within a Security Operations Center (SOC) or Managed Security Services (MSS) environment.
- Strong organizational and project management skills.
- Excellent documentation skills for reports, procedures, and incident records.
- A positive can-do attitude with the ability to work effectively at odd hours and constructively under pressure.
- Experience working across different cultures in a global setting and collaborating with diverse stakeholders.
- Impeccable integrity and a proven track record of working with sensitive information securely.
Technical Competencies
- Incident Response Process: In-depth understanding and practical experience with the full Incident Response Process.
- Core Networking Skills: Strong fundamental knowledge of networking concepts and protocols.
- Forensics: Proficiency in Live Windows, Linux, and Memory Forensics.
- Active Directory Analysis: Expertise in Active Directory analysis for security investigations.
- Network Threat Hunting: Proven skills in performing Network Threat Hunting.
- Vulnerability Management: Basic understanding of Vulnerability Management principles.
- Cloud Incident Response: Demonstrable experience with Incident Response in leading public Cloud environments including Azure, AWS, and GCP.
- Microsoft Azure Security: Extensive experience with Microsoft Azure Cloud, including Azure Sentinel, the Microsoft security stack (e.g., Defender for Cloud, Defender for Identity, Defender for Office 365), MS Graph API, and Entra ID (Azure AD).
- Amazon Web Services (AWS) Security: Experience with AWS security tools such as Security Hub, AWS GuardDuty, AWS Macie, and AWS CloudTrail.
- Google Cloud Platform (GCP) Security: Familiarity with GCP security tools such as Chronicle and Security Command Center.
- Email Threat Triage: Ability to triage and investigate email threats using platforms like Microsoft EOP, Trellix, and Proofpoint.
- Security Products: Working knowledge of leading Security products including Endpoint Detection and Response (EDR), Identity Threat Detection and Response (ITDR), and Network Detection and Response (NDR) from leading vendors such as Trellix, CrowdStrike, Microsoft Defender for Endpoint, and Vectra.
- IT Security and Risk Management: Experience in broader IT Security and Risk Management principles.
Certifications (Added Advantage)
- Security-related certifications such as SANS GCIH, GCIA, GMON, GREM, CEH, CISSP, CHFI, and other relevant Incident Response certifications are highly desirable
