SOC Security Engineer

Description of the Position:

SOC Security Engineer

Our Incident Response, Security Engineering, and Defense Analytics team work together to provide world-class detection and response services critical to business operations, legal compliance, and public relations. Our Security Engineering branch configures, deploys, and manages a wide range of security hardware appliances and software solutions including firewalls, routers, switches, VPN, servers, IOT/SCADA, multipurpose devices and more in the cloud and on-premises alike. Security solutions require specialized knowledge, insight, and care beyond traditional system administration.

Responsibilities:

Intern

• Internships are expected to last a duration of 6 months and may lead to an offer for a Junior position.
• Become familiarized with the work environment and gain necessary exposure and skills to operate at 80% of a full-time employee.
• Use any available downtime to test documented procedures and/or study for one of the following certifications: CompTIA Sec+, CompTIA A+, CompTIA N+, EC-Council CEH, Linux Essentials PDC, Cisco CCT, Microsoft MTA, Apple ACA, GIAC GISF or a similar professional security certification.
• Spend anywhere from 16-40 hours a week alongside full-time employees as higher education schedule allows.

Junior

• Regularly scope and deploy various security technologies.
• Troubleshoot, support, and maintain client security applications including SIEM, SOAR, Network IDS/IPS, Host IDS/IPS, Network Firewall, Host Firewall, Web Application Firewall, EDR, AV, DLP, Identity & Access Management, Web Proxy, Email Security.
• Identify and address the needs of internal and external customers through market research, competitive analysis, and customer engagement.
• Identify areas of security controls improvement within client environments that aligns with industry and vendor best practices.
• Consistently provide professional-quality customer service.
• Regularly track work in a ticketing/tracking system with a thoroughness acceptable for knowledge base use and customer consumption.
• Maintain high level of technical expertise with products in use and the ability to quickly familiarize with related technologies.
• Stay informed of breaking news and industry best practices from multiple reliable sources and share findings.
• Attend and contribute to regular team meetings.

Associate

• Utilize CipherTechs lab to test product changes and share findings regarding malware and threat research.
• Perform system upgrades, patches, and hotfixes, sometimes after normally defined work hours.
• Write parsers, scripts, and develop other solutions to accomplish or improve log ingestion, multi-device management, and other related challenges.
• Aid in onboarding and mentoring new team members.
• Drive and Implement continuous improvement, open communication, and sharing of knowledge.
• Assist with creation, review, and upkeep of internal documentation.
• Facilitate reasonable out-of-hours communications such as company email and occasional SOC operations related phone calls to resolve escalated issues.
• Actively encourage team collaboration, cross-training, and documentation.
• Act as a primary subject matter expert for one or more security products.
• Act as escalation point for complicated or sensitive work.

Senior

• Maintain CipherTechs lab to facilitate regular SOC-related product evaluations, testing, and training grounds.
• Write advanced API's to interconnect systems with the goal of improving services provided.
• Ensure that team members are following best practices and documented procedures.
• Supervise and assist with team access and credentials to customer environments.
• Act as a primary technical point of contact with customers.
• Ensure customer Service Level Agreements are consistently met or exceeded and identify areas of improvement.
• Assist or lead in onboarding new customers and other projects.
• Act as escalation point for highly complicated or sensitive work.
• Act as a primary subject matter expert for multiple security products.

Requirements:

All Levels of Seniority

• Demonstrated experience with the security industry including an understanding of best practices, risk mitigation, and compliance frameworks.
• Able to function effectively in high stakes and high stress situations.
• Legally capable of working in the US, Canada or EU.
• Follow a continuous education program and maintain one or more relevant professional certifications.
• Ability to quickly find answers to questions referencing manuals and/or Internet resources.
• Fluent in English in both writing and speech (i.e. writing, reading, speaking, and understanding).

Junior

• 1-year experience performing similar duties.
• Obtain within 1 year and maintain at least of the following certifications (other intermediate certifications will be considered): GSEC, GCIH, CySA+, GCIA, GCFA, CCENT, GCCC

Associate

• Experienced in security product service deployment and maintenance.
• 2 years’ experience performing similar duties.
• Obtain within 1 year and maintain at least one of the following certifications (other advanced certifications will be considered): GCED, GMON, GCFE, GFCA, CCNA, CCDA

Senior

• Experienced in security product service deployment and maintenance.
• 5-years' experience performing similar duties.
• Obtain within 1 year and maintain at least one of the following certifications (other expert certifications will be considered): GCDA, GSLC, SSCP, OSCP, GNFA, CCNP, CCIE, GSNA.

Preferred Background:

• One or more security-related certifications from any of the following organizations: GIAC, ISC(2), CompTIA, EC-Council, Offensive Security, PMI, Cisco, Microsoft, Apple, Amazon
• A valid passport.
• Bachelor of Information Technology, Computer Science, Computer Engineering, Cybersecurity, Communications, Business or other related fields of study.
• Demonstrates a personal interest in cybersecurity outside work hours.
• Experience with regular expressions.
• Experience writing security product signatures, alerts, etc.
• Experience in an MSSP environment or performing similar duties.
• Experience with deploying, maintaining, or using one or more of the following Security Solutions: SIEM, SOAR, Network IDS/IPS, Host IDS/IPS, Network Firewall, Host Firewall, Web Application Firewall, EDR, AV, DLP, Identity & Access Management, Web Proxy, Email Security
• Programming experience in machine, assembly, high-level, scripting languages.
• Experienced in reviewing event logs.

Benefits:

• 401K with 4% match after six months on the job.
• Partial telephone or Internet reimbursement.
• Health insurance with one or more care providers to select from (including dental & vision).
• Performance-based individual and group annual bonuses.
• Continuing professional education at the cost of CipherTechs.
• Ability to work from home on some duty days (for employees that report daily to a physical office).

Loc​ation:

Work may be conducted from one of our offices below; fully remote work will be considered. Less than 10% travel is expected.

90 Broad Street
5th Floor
New York, NY 10004
USA

Hebron House
MacDonagh Junction
Kilkenny City, R95 T91Y
Ireland