Sr. SOC Engineer - Dallas, TX (Geebo listing, category: Community, Social Services & Nonprofit)

Job Description

The primary responsibilities of the Security Analyst / Engineer include:

  • Acknowledge, analyze, and validate incidents triggered from correlated events in the SIEM solution
  • Acknowledge, analyze, and validate incidents received through other reporting mechanisms such as email, phone calls, management direction, etc.
  • Collect the logs needed for incident containment and security investigation
  • Escalate validated and confirmed incidents to the SOC Analyst
  • Undertake the first stages of false positive and false negative analysis
  • Understand the structure and meaning of logs from different sources such as firewalls, IDS, Windows domain controllers, network appliances, AV and antimalware software, email security, etc.
  • Open incidents in ServiceNow to report the alarms triggered or threats detected. For each incident, the analyst should record in ServiceNow all details related to the logs, alarms and other indicators identified, in accordance with each client's intervention protocol and SLA.
  • Track and update incidents and requests based on client updates and analysis results
  • Properly log client requests and change requests in ServiceNow
  • Generate weekly reports from the SIEM for review
  • Other duties related to the position

Additional responsibilities will include, but are not limited to:

  • Web application vulnerability scanning
  • Security log management and monitoring
  • Intrusion detection and prevention systems operations
  • Vulnerability detection, assessment, and mitigation
  • Risk assessment and deployment of security patches
  • Antivirus management and operations
  • Developing and maintaining information security metrics
  • Administrative and service account creation
  • Aiding core security and incident response teams
  • Enterprise encryption standards development and support
  • Development and distribution of security advisories and awareness messages
  • Maintaining a growing knowledge of industry trends relating to security management and services
Qualifications:

Appropriate candidates should possess at least 2-3 years of experience in a Security Operations Center, in either an Enterprise or Managed Security Services environment, as well as at least 1 year of experience supporting security in a cloud-based environment. Fujitsu Americas Inc. is looking for candidates with well-rounded knowledge and experience in incident response and security event analytics. Overall flexibility and willingness to work under unpredictable time and project constraints are essential.
Required education and experience (one of the following):

  • Bachelor's degree in Computer Science / IT / Electronics Engineering, MCA, or an equivalent university degree in a related discipline, combined with a minimum of one (1) year of directly related practical experience and demonstrated ability to carry out the functions of the job; OR
  • Completion of a two-year acceptable post-secondary educational program in Computer Sciences or a related discipline from a recognized community college, combined with a minimum of two (2) years of directly related practical experience and demonstrated ability to carry out the functions of the job; OR
  • A minimum of three (3) years of directly related practical experience within the last eight years and demonstrated ability to carry out the functions of the job.
Required skills:

Candidates should possess some knowledge of the following technical skills: Incident Response, Log Analysis, TCP/IP, Network Traffic Analysis, Antivirus/Malware, Intrusion Detection/Prevention, Security Information and Event Management (SIEM) systems, Packet Analysis Techniques, Event Correlation, and Incident Triage.

  • Familiarity with security tools and products such as Azure Sentinel, LogRhythm, FireEye, Palo, Checkpoint
  • Experience in security vulnerability assessments
  • Experience using ticketing systems such as ServiceNow and Remedy
  • Security certifications: SANS/GIAC (GCIH, GCIA or GCUX), CCNA, CISSP, or CISA are desired
  • Knowledge of cloud and application security, including web applications, web services, XML, SOA, AJAX, JSON, and web scanning tools, within public cloud environments such as Azure, AWS, OCI, and Google
  • Knowledge of Multifactor Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Public Key Infrastructure (PKI), Data Loss Prevention (DLP), and Identity and Access Management (IAM) solutions
  • Knowledge of NIST, PCI, HIPAA, SOX, JSOX, and other regulatory controls is preferred but not required

Desired characteristics:

  • Thirst for knowledge, inquisitive nature, and interest in actively participating in SOC expansion
  • Experience working in an IT Security Operations Center using SANS methodology
  • Experience and extensive knowledge of Security Information and Event Management
  • Experience in Intrusion Detection and Prevention Systems
  • Knowledge of TCP/IP, computer networking, routing, and switching
  • Experience with Linux/UNIX and Windows based devices at the System Administrator level
  • System log forensics (Syslog, Event Viewer)
  • Strong troubleshooting, reasoning, and problem-solving skills
  • Team player with excellent communication skills and good time management
  • Organizational skills and the ability to work autonomously with attention to process
  • Ability and willingness to think outside the box to find creative and innovative solutions that reduce costs with minimal impact on reliability
  • Ability to communicate effectively with peers, management, and clients
  • Ability and experience in writing clear and concise technical documentation
  • Ability to speak and write fluently

Recommended Skills: Administration, Ajax (Programming Language), Application Security, Certified Information Security Manager, Certified Information Systems Security Professional, Cisco Certified Network Associate

Estimated Salary: $20 to $28 per hour based on qualifications.
