Job description
Job Title: Computer Consultant 5-SOC Engineer
Location: 9 Metro Tech Center, Brooklyn, 11201 (On-site)
Mode of hire- Contract
Duties:
- Lead Incident Management activities to monitor and resolve incidents
- Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
- Conduct threat analysis and assessments on network/systems. Monitor, maintain, update, and secure FDNY infrastructure.
- Establish, maintain and execute all components of an incident response plan, including run books, from incident intake through root cause analysis, technical remediation analysis, and reporting
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security.
- Execute cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
- Perform initial, forensically sound collection of images and inspect them to determine possible mitigation/remediation on enterprise systems.
- Accurately document an incident from beginning to end, including evidence handling.
- Write, test, and implement IOCs and IR alerts within the cybersecurity tools
- Collaborate with IT and Cybersecurity team members to onboard system and application logs in the central logging system
- Utilize endpoint security tools like CrowdStrike, McAfee, RSA NetWitness, NetBrain for threat hunting
- Strong knowledge of Proxy Web Gateway
- Utilize monitoring tools like Armis, Extrahop, Splunk, Secureworks and McAfee IDS/IPS, McAfee Proxy Gateway, Secureworks Taegis Platform, Netwrix, Firewalls (Palo Alto, Fortinet) etc.
- Use vulnerability management tools like Nessus, Rapid7 and penetration tools like Core Insight, Nmap, Netcat, and Metasploit
- Be a power user of Splunk SIEM
- Perform root cause analysis
Minimum requirements:
- 5+ years of work experience in SOC as a Threat Intelligence or Incident Response Analyst
- Strong experience performing threat hunting and incident response using Splunk and cybersecurity management tools
- Deep understanding of computer intrusion activities, incident response techniques, tools, and procedures
- Knowledge of digital forensics methodology as well as security architecture, system administration and networking (including TCP/IP, DNS, HTTP, SMTP)
- Strong understanding of vulnerability and exploitation concepts
- Scripting and automation experience in Python, Bash, PowerShell, or JavaScript
- Strong knowledge of adversary cyber threat actors including Advanced Persistent Threat (APT) actors, cybercriminal groups, hacktivists, and insider threats
- Knowledge of and experience with standard network logging formats, network management systems and network security monitoring systems, security information and event management, network packet analysis tools and forensic analysis tools
- Strong knowledge of cloud and application security
- Working knowledge of the Cyber Threat Kill Chain
- Ability to map use cases and subsequent rules and policies to the MITRE ATT&CK framework
- Strong knowledge of Network security principles, host-based security principles, network and system administration, forensic analysis principles, cyber threat intelligence principles, PKI, and/or counterintelligence operations
- Knowledge of and experience with cloud, web proxy, firewalls, IPS, IDS, mail content scanning appliances, enterprise Antivirus solutions, Network Analyzers, and domain name servers desired
Preferred requirements:
- Bachelor's degree in Computer Science or Engineering
- Knowledge of Malware Analysis, Reverse Engineering, and Memory Forensics tools and techniques
- Experience building policies and rules on email and network platforms
- Individuals with CEH, GIAC, Security+ certifications preferred
- Splunk Power User certification a plus
- Knowledge of SOAR tools.
Job Type: Contract
Pay: $41.00 - $45.00 per hour
Schedule:
- 8 hour shift
Experience:
- SOC: 5 years (Required)
- Cyber security: 3 years (Required)
- Threat Intelligence: 5 years (Required)
Work Location: On the road
Speak with the employer
+91 7036526230