Job Description
Our client is seeking an enthusiastic and motivated individual to provide Managed Cyber Security Services to their valued customers. As a key member of the Optimization Engineering & Analytics team, you will be part of an integral group that is dedicated to protecting system resources from cyber-attacks and other online threats that could have devastating consequences for millions of end users.
Successful candidates will demonstrate foundational Network Security and System Administration with an advanced understanding across Endpoint Protection, Endpoint Detection & Response, SIEM, Vulnerability Management, Identity Access Management, and Security Automation.
KEY RESPONSIBILITIES:
• Provide client-facing support of their managed security services, including adherence to and development of processes and procedures.
• Assist with the integration, deployment, on-boarding and management of security tools and platforms including but not limited to Trellix, CrowdStrike, Rapid7, and Microsoft Security.
• Actively identify areas of improvement within the processes of the Security Operations engineering with the goal of decreasing response times, increasing effectiveness, eliminating waste, and streamlining operations.
• Create well documented and clearly articulated code/scripts, process, and service documentation.
• Perform health checks and optimization activities on client security technologies or systems.
• Determine information security risk and facilitate remediation actions of identified vulnerabilities and security risk across the enterprise.
• Generate security reports related to compliance, security posture, and configurations.
• Collaborate with technology architecture teams by performing security analysis of proposed architectures, providing risk assessment feedback, including security requirements.
• Interact with project teams to provide advice on security and assist with compensating control alternatives where security requirements cannot be met.
• Manage SIEM platforms for customer environments
o Oversee and operate on-boarding procedures
o Ensure the data pipeline is set up
o Work with SOC Analysts to ensure appropriate parsers and detection rules are applied
o Ensure SIEM alerting is configured to notify SOC Analysts
o Continuous improvement and optimization
• Manage endpoint security software for customer environments
o Oversee and operate on-boarding procedures
o Ensure all endpoint agents are up to date and fully in compliance
o Continuous improvement and optimization
MINIMUM QUALIFICATIONS
• 3+ years of IT experience.
• 3+ years of Cyber Security experience.
• Advanced operating systems experience in two or more of the following: Microsoft, MacOS, Linux.
• General network security and troubleshooting knowledge.
• In-depth knowledge of TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS, and HTTP Protocols.
• Good knowledge of common malware threats and attack methodologies.
• Passionate about tools/technologies.
• Able to work under general to minimal supervision.
PREFERRED QUALIFICATIONS
• 3+ years of experience with endpoint security tools (Trellix ePO, Trellix ENS, Trellix EDR, Trellix HX, CrowdStrike, Microsoft Defender, Microsoft ATP, SentinelOne).
• 3+ years managing security endpoints.
• 3+ years of experience with SIEM management and tuning in one or more of the following: LogScale (formerly Humio), CrowdStrike NG-SIEM, Splunk, Trellix Helix, Trellix ESM, Azure Sentinel, Elastic SIEM, Chronicle, or QRadar.
• Foundational scripting knowledge preferred in any of the following: PowerShell, Python, Bash.
• Experience with Windows patch management tools (Automox, SCCM, SolarWinds, GFI LanGuard, etc.) a plus.
• Experience with Microsoft Intune.
• Certifications a plus: CEH, CRISC, CISA, CGEIT, CISSP, CIPP, GMON, GCIA, GCIH.
• Bachelor's Degree (Math, CS, or Engineering) preferred.
• Excellent knowledge of security methodologies and processes (e.g., the Cyber Kill Chain and the MITRE ATT&CK framework).