Description of the Position:
SOC Security Engineer
Our Incident Response, Security Engineering, and Defense Analytics team work together to provide world-class detection and response services critical to business operations, legal compliance, and public relations. Our Security Engineering branch configures, deploys, and manages a wide range of security hardware appliances and software solutions including firewalls, routers, switches, VPN, servers, IOT/SCADA, multipurpose devices and more in the cloud and on-premises alike. Security solutions require specialized knowledge, insight, and care beyond traditional system administration.
- Internships are expected to last a duration of 6 months and may lead to an offer for a Junior position.
- Become familiarized with the work environment and gain necessary exposure and skills to operate at 80% of a full-time employee.
- Use any available downtime to test documented procedures and/or study for one of the following certifications: CompTIA Sec+, CompTIA A+, CompTIA N+, EC-Council CEH, Linux Essentials PDC, Cisco CCT, Microsoft MTA, Apple ACA, GIAC GISF or a similar professional security certification.
- Spend anywhere from 16-40 hours a week alongside full-time employees as higher education schedule allows.
- Regularly scope and deploy various security technologies.
- Troubleshoot, support, and maintain client security applications including SIEM, SOAR, Network IDS/IPS, Host IDS/IPS, Network Firewall, Host Firewall, Web Application Firewall, EDR, AV, DLP, Identity & Access Management, Web Proxy, Email Security.
- Identify and address the needs of internal and external customers through market research, competitive analysis, and customer engagement.
- Identify areas of security controls improvement within client environments that aligns with industry and vendor best practices.
- Consistently provide professional-quality customer service.
- Regularly track work in a ticketing/tracking system with a thoroughness acceptable for knowledge base use and customer consumption.
- Maintain high level of technical expertise with products in use and the ability to quickly familiarize with related technologies.
- Stay informed of breaking news and industry best practices from multiple reliable sources and share findings.
- Attend and contribute to regular team meetings.
- Utilize CipherTechs lab to test product changes and share findings regarding malware and threat research.
- Perform system upgrades, patches, and hotfixes, sometimes after normally defined work hours.
- Write parsers, scripts, and develop other solutions to accomplish or improve log ingestion, multi-device management, and other related challenges.
- Aid in onboarding and mentoring new team members.
- Drive and Implement continuous improvement, open communication, and sharing of knowledge.
- Assist with creation, review, and upkeep of internal documentation.
- Facilitate reasonable out-of-hours communications such as company email and occasional SOC operations related phone calls to resolve escalated issues.
- Actively encourage team collaboration, cross-training, and documentation.
- Act as a primary subject matter expert for one or more security products.
- Act as escalation point for complicated or sensitive work.
- Maintain CipherTechs lab to facilitate regular SOC-related product evaluations, testing, and training grounds.
- Write advanced API's to interconnect systems with the goal of improving services provided.
- Ensure that team members are following best practices and documented procedures.
- Supervise and assist with team access and credentials to customer environments.
- Act as a primary technical point of contact with customers.
- Ensure customer Service Level Agreements are consistently met or exceeded and identify areas of improvement.
- Assist or lead in onboarding new customers and other projects.
- Act as escalation point for highly complicated or sensitive work.
- Act as a primary subject matter expert for multiple security products.
All Levels of Seniority
- Demonstrated experience with the security industry including an understanding of best practices, risk mitigation, and compliance frameworks.
- Able to function effectively in high stakes and high stress situations.
- Legally capable of working in the US, Canada or EU.
- Follow a continuous education program and maintain one or more relevant professional certifications.
- Ability to quickly find answers to questions referencing manuals and/or Internet resources.
- Fluent in English in both writing and speech (i.e. writing, reading, speaking, and understanding).
- 1-year experience performing similar duties.
- Obtain within 1 year and maintain at least of the following certifications (other intermediate certifications will be considered): GSEC, GCIH, CySA+, GCIA, GCFA, CCENT, GCCC
- Experienced in security product service deployment and maintenance.
- 2 years’ experience performing similar duties.
- Obtain within 1 year and maintain at least one of the following certifications (other advanced certifications will be considered): GCED, GMON, GCFE, GFCA, CCNA, CCDA
- Experienced in security product service deployment and maintenance.
- 5-years' experience performing similar duties.
- Obtain within 1 year and maintain at least one of the following certifications (other expert certifications will be considered): GCDA, GSLC, SSCP, OSCP, GNFA, CCNP, CCIE, GSNA.
- One or more security-related certifications from any of the following organizations: GIAC, ISC(2), CompTIA, EC-Council, Offensive Security, PMI, Cisco, Microsoft, Apple, Amazon
- A valid passport.
- Bachelor of Information Technology, Computer Science, Computer Engineering, Cybersecurity, Communications, Business or other related fields of study.
- Demonstrates a personal interest in cybersecurity outside work hours.
- Experience with regular expressions.
- Experience writing security product signatures, alerts, etc.
- Experience in an MSSP environment or performing similar duties.
- Experience with deploying, maintaining, or using one or more of the following Security Solutions: SIEM, SOAR, Network IDS/IPS, Host IDS/IPS, Network Firewall, Host Firewall, Web Application Firewall, EDR, AV, DLP, Identity & Access Management, Web Proxy, Email Security
- Programming experience in machine, assembly, high-level, scripting languages.
- Experienced in reviewing event logs.
- 401K with 4% match after six months on the job.
- Partial telephone or Internet reimbursement.
- Health insurance with one or more care providers to select from (including dental & vision).
- Performance-based individual and group annual bonuses.
- Continuing professional education at the cost of CipherTechs.
- Ability to work from home on some duty days (for employees that report daily to a physical office).
Work may be conducted from one of our offices below; fully remote work will be considered. Less than 10% travel is expected.
90 Broad Street
New York, NY 10004
Kilkenny City, R95 T91Y