Oak Brook, IL, USA
SOC Analyst

Job Summary:

The SOC Engineer is part of the Cyber team and serves as an escalation responder to security events within the Security Operations Center. The ideal candidate has strong problem-solving skills and analytical aptitude. This role participates in security posture monitoring and threat response activities and is directly responsible for troubleshooting security events. During security incidents, this role provides additional analysis to establish the extent of the threat and the business impact, then advises on and performs the most suitable course of action to contain and remediate the incident. The SOC Engineer must maintain good knowledge of the threat landscape, help enhance current capabilities, and provide support in identifying new methods of detecting threats.


Job Duties:

Monitors security event platforms and follows the incident playbook for first response, triage, and potential resolution, and participates in postmortem activities as required
Conducts network monitoring and intrusion detection analysis using various network defense tools, such as intrusion detection/prevention systems (IDS/IPS), firewalls, host-based security systems (HBSS), Azure security, and audit log management
Provides proactive feedback to enable improvement of the current monitoring rules, based on information, knowledge, and experience
Creates daily, weekly, and monthly reports for the Security Management Team
Performs front-line response and escalation tasks and updates runbooks and procedures as needed
Compiles statistics and contributes to the improvement and creation of playbooks
Uses public cyber security resources (e.g. sites, blogs, podcasts) to stay up to date with the latest news, threats, and security analysis tools
Participates in on-call rotation
Other duties as required


Qualifications, Knowledge, Skills and Abilities:

Education

High School Diploma or GED, required
Bachelor's Degree in Information Technology, Cybersecurity, or Computer Science, preferred

Experience

Three (3) or more years of experience in infosec, cybersecurity, systems, or networking, required
Three (3) or more years of experience with network protocols, configurations, or IT operations, required
Two (2) or more years of experience with cloud technologies such as Azure, Azure Stack, Azure Backups, AWS, or similar cloud experience, preferred
Two (2) or more years with an EDR platform or SIEM platform, preferred
Experience with help desk ticketing systems and service desk management tools, preferred

License(s)/Certification(s)

Microsoft SC-900, SC-200, SC-300, preferred
Any IT security certifications, preferred

Software

Experience with four (4) or more of the following, required:
Microsoft Sentinel
Information security tools and packet analysis tools (e.g. CB, Wireshark)
Intrusion detection (e.g. IDS/IPS tools)
Firewall troubleshooting
Strong Windows and Linux skills
Internet protocols and services (e.g. TCP/IP, FTP, HTTPS, SSH)
Log analysis / Windows event analysis
Basic network and host forensics
EDR solutions
Troubleshooting and root cause analysis

Other Knowledge, Skills, & Abilities

Strong verbal and written communication skills
Excellent interpersonal and customer relationship skills
Ability to work in a deadline-driven environment while handling multiple projects/tasks simultaneously with a focus on details
Ability to react quickly, decisively, and deliberately in high-stress, high-impact situations
Ability to multi-task while working independently or within a group environment
Ability to work well under pressure while dealing with unexpected problems in a professional manner
Ability to discuss technology and effectively communicate technical issues with all audiences
Must possess good work habits and a strong work ethic, and be able to adhere to company work hours, policies, and standard business etiquette

KEYWORDS: SOC, Networking, Security, Intrusion Detection, Windows, Linux, Internet Protocol, Network Infrastructure, Host and Network Based Forensics, Antivirus Solutions, Troubleshooting, EDR Platform, SIEM Platform, Cyber Security, Cyber, Security Operations Center.