automation engineer

automation engineer Brooklyn, NY

KWS Pvt. Ltd
Full Time Brooklyn, NY 41 - 45 USD HOURLY Today
Job description

Job Title: Computer Consultant 5-SOC Engineer

Location: 9 Metro Tech Center, Brooklyn, 11201 (On-site)

Mode of hire- Contract

Duties:

Lead Incident Management activities to monitor and resolve incidents

  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs)
  • Conduct threat analysis and assessments on network/systems. Monitor, maintain, update, and secure FDNY infrastructure.
  • Establish, maintain and execute all components of an incident response plan, including run books, from incident intake through root cause analysis, technical remediation analysis, and reporting
  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system (IDS) logs) to identify possible threats to network security.
  • Execute cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems.
  • Accurately document an incident from beginning to end, including evidence handling.
  • Write, test, and implement IOCs and IR alerts within the cybersecurity tools
  • Collaborate with IT and Cybersecurity team members to onboard system and applications logs in the central logging system
  • Utilize endpoint security tools like CrowdStrike, McAfee, RSA NetWitness, NetBrain for threat hunting
  • Strong knowledge of Proxy Web Gateway
  • Utilize monitoring tools like Armis, Extrahop, Splunk, Secureworks and McAfee IDS/IPS, McAfee Proxy Gateway, Secureworks Taegis Platform, Netwrix, Firewalls (Palo Alto, Fortinet) etc.
  • Use vulnerability management tools like Nessus, Rapid7 and penetration tools like Core Insight, Nmap, Netcat, and Metasploit
  • Be a power user of Splunk SIEM
  • Perform root cause analysis

Minimum requirements:

  • 5+ years of work experience in SOC as a Threat Intelligence or Incident Response Analyst
  • Strong experience performing threat hunting and incident response using Splunk and cybersecurity management tools
  • Deep understanding of computer intrusion activities, incident response techniques, tools, and procedures
  • Knowledge of digital forensics methodology as well as security architecture, system administration and networking (including TCP/IP, DNS, HTTP, SMTP)
  • Strong understanding of vulnerability and exploitation concepts
  • Scripting and automation experience in Python, Bash, PowerShell, or JavaScript
  • Strong knowledge of adversary cyber threat actors including Advanced Persistent Threat (APT) actors, cybercriminal groups, hacktivists, and insider threats
  • Knowledge of and experience with standard network logging formats, network management systems and network security monitoring systems, security information and event management, network packet analysis tools and forensic analysis tools
  • Strong knowledge of cloud and application security
  • Working knowledge of the Cyber Threat Kill Chain
  • Map use cases and subsequent rules and policies to the MITRE ATT&CK framework.
  • Strong knowledge of Network security principles, host-based security principles, network and system administration, forensic analysis principles, cyber threat intelligence principles, PKI, and/or counterintelligence operations
  • Knowledge of and experience with cloud, web proxy, firewalls, IPS, IDS, mail content scanning appliances, enterprise Antivirus solutions, Network Analyzers, and domain name servers desired

Preferred requirements:

  • Bachelor's degree in Computer Science or Engineering
  • Knowledge of Malware Analysis, Reverse Engineering, and Memory Forensics tools and techniques
  • Experience building policies and rules on email and network platforms
  • Individuals with CEH, GIAC, Security+ certifications preferred
  • Splunk Power User certification a plus
  • Knowledge of SOAR tools.

Job Type: Contract

Pay: $41.00 - $45.00 per hour

Schedule:

  • 8 hour shift

Experience:

  • SOC: 5 years (Required)
  • Cyber security: 3 years (Required)
  • Threat Intelligence: 5 years (Required)

Work Location: On the road

Speak with the employer
+91 7036526230
