Job description
Tier 1 Overflow Responsibilities:
- Develop new signatures and correlated searches based on a variety of requirements
- Document work within a security operations ticketing system
- Analyze data and events within the SIEM or SOAR for prioritization and priority elevation
- Identify data sources and analytics for inclusion into SIEM or SOAR
- Remote Client System Monitoring and Analysis
- Tracking, and reporting of security patch/upgrade implementation
- Scheduling, execution and tracking of vulnerability remediation activities
- Information gathering, port and vulnerability scanning and analysis according to policy
Tier 2 Responsibilities (Incident Response Leader):
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Work with client in remediation efforts
- Notify SOC manager of all elevated incidents and keep appraised of progress
- Collaborate with Tier 3 Analysts on Threat Hunting requirements
- Manage and administer the SOC tools (SIEM, SOAR, IDS, etc.)
- Develop reports and other capabilities to support the needs of our clients
- Development of security policies, processes, and procedure
- Development and delivery of presentations
- Workload estimation for new clients
- Conducting security audits
- Mentor Tier 1 Analysts to grow and assist in Tier 2 requirements
Qualifications
- 1 years of experience investigating security events and incidents or performing computer forensic analysis
- 3 years SIEM experience; 1 years SOAR experience
- 4 years of experience with Incident Response
- Experience in Critical Infrastructure OT systems and protocols to include SCADA, PLCs, etc.
- Familiarity and experience with Risk Management Frameworks
- Scripting skills in any common language (Python, Perl, Bash, or Powershell)
- Skilled at using multiple operating systems
