Security Platform Engineer | Online Jobs | Optimhire

Security Platform Engineer

Job Summary:

This position requires a strong background in security, security platforms, and incident detection, while providing support for customers’ SIEM technologies; it is focused on data ingestion from multiple IaaS, PaaS and SaaS services. You will be part of a team that is directly responsible for detecting security threats across end customers. You have strong hands-on technical experience in delivering use cases and detection rules for multiple attack vectors. You help by developing detection methods to ensure potential threats are identified and mitigated. When end customers have a real incident, you are responsible for leading the Incident Response process and providing 24/7/365 support.

Duties/Responsibilities:

·       Research new and existing log sources; evaluate and implement counter-detection methods.

·       Develop detection rules to support alerting and response capabilities for our SOC services.

·       Continually improve the Incident Response process for all customers and identify gaps.

·       Develop attack detection methods and manage these methods using tools such as Elastic, FortiSIEM and Respond.

·       Conduct Attack & Defend exercises in the SOC to improve quality.

·       Advanced threat/malware analysis.

·       SOC ticketing system management.

·       Conduct SOC training.

·       Advanced threat hunting.

·       Investigate new products and services and make recommendations.

·       Assist the SOC with customer meetings and support requests.

·       Design custom dashboards for the SOC to ensure faster alarm analysis.

·       Implement and execute procedures for administration, management, and lifecycle of the SIEM.

·       Lead Incident Response engagements.

·       24x7x365 support.

Education/Experience/Certifications:

·       Bachelor's or master's degree in Cyber Security, Information Security or a related field, or equivalent experience.

·       CEH, CCNA or AWS certifications (highly preferred).

·       2 or more years’ experience in an information technology or security discipline, performing intrusion detection, analysis and incident handling.

Skills/Abilities:

·       CompTIA Network+, Security+ or CEH is desired.

·       Experience in developing parsers and SIEM correlation rules to detect new threats beyond current capabilities.

·       Hands-on experience with Windows, Unix and Linux operating systems.

·       Understanding of OSI layers, network protocols (IP, ICMP, TCP, UDP), network services (DNS, DHCP, HTTP) and routing protocols.

·       Working knowledge of threat intelligence, to interpret IOCs and translate them into SIEM alerting.

·       Experience with IDS and IPS.

·       Coding skills in regex, Python, PowerShell and Bash (highly preferred).

·       Hands-on experience with cloud architecture such as AWS or Azure.

Job Requirements:

·       Requires travel as needed worldwide.

·       Requires frequent use of a laptop computer.

·       Requires frequent communication with team members and customers.

Job Type: Payroll


Must-have Skills

  • Python
  • AWS
  • Azure
  • Linux
  • Unix

34–41 K/Year USD (Annual salary)

Long-term (Duration)

Fully Remote

India


Vik R

United States