Conduct monitoring, and in some cases lead in-depth analysis of Security Operations Center (SOC) oriented alerts.
Update and maintain a repository of self-created security alerting rules.
Stay up to date with current adversary tactics and apply this knowledge to internal operational countermeasures.
Brief peers and above on current Threat Response themes derived from the SOC.
Participate in, and in some cases lead, long-term security operation projects with peers.
Serve as an escalation point for lower-level analysts.
Conduct comprehensive inspection activities to ensure team analysis meets or exceeds our established baseline expectations.
Conduct lessons learned for major incidents in order to better detect and/or prevent future incidents.
Requirements:
Demonstrating proven knowledge in computer networking, operating systems (both Windows and Unix-based), virtualization (cloud and on-premise), and modern architecture (containers, orchestration, CI/CD, etc.);
Applying incident response principles, or a related technical domain, in the context of a broader understanding of Computer Security Incident Response Teams (CSIRT) and related systems and processes;
Contributing to the development of new technical domain subject matters;
Understanding of investigative theory and best practices for effective analysis with an ability to coach, lead, and develop others in these areas;
Exercising sound judgment in identifying security incidents, mitigation opportunities, and service improvement opportunities;
Influencing others through a small team of direct reports, through work on projects and in teams, and through leading portions of larger projects;
Understanding and application of the Cyber Kill Chain Framework, MITRE ATT&CK, and other industry frameworks;
Demonstrating progression in threat hunting and detection engineering, penetration testing and offensive security techniques, or malware analysis and reverse engineering;
Building proven relationships with stakeholders and colleagues;
Acting as an escalation point for junior members;
Possessing a genuine motivation to learn and grow in this field and in their career;
Demonstrating proven written and verbal communication, including proper use of escalation, persuasion, briefings, and presentations.
The following certifications are considered an asset: GIAC (GCFA, GCFE, GNFA, GPEN, GXPN, GMON, etc.); Offensive Security (OSCP, OSCE); SpecterOps; Zero Point Security; Microsoft, Google, and Amazon cloud certifications.
A demonstrated commitment to valuing differences, developing and coaching diverse teams, and ensuring diverse perspectives are heard.