Assistant Manager

Job Description

Roles and responsibilities:A Level 3 Security Analyst is a subject matter expert responsible for managing threats, disseminating information, and handling, responding to, and investigating all incident escalations from the L1 & L2 security teams. Level 3 team members will further an investigation and ensure root cause and resolution for metrics, tracking, lessons learned are compiled, documented and disseminated in conjunction with the CSIRT process. They will provide insight and expertise to examine malicious code (malware), attack vectors, network communication methods, analyze threats against target systems and networks, determine target network capabilities and vulnerabilities, support development and maintenance of new tools and techniques to exploit specific targets, and produce technical after-action reports in support of the SOC. Level 3 analysts will be the focal point for critical security events and incidents and will serve as subject matter experts in providing recommendations to the SOC Manager and other members of Information Security and IT management for escalation and remediation. Additionally, the Level 2 Analysts will: Validate IOCs that triggered the original alert. Investigate intrusion attempts and perform in-depth analysis and correlation of network traffic, host-based alerts, and forensic images as needed. Conduct in-depth investigations of events that are escalated by Level 1 Analysts. Research additional internal and external data sources for additional enrichment of event information. Determine when an event has reached the threshold of an incident and engage Incident Response Handler to declare an incident. Create filters, data monitors, dashboards, and reports within monitoring utilities. Troubleshoot security monitoring devices to improve event correlation and performance. Handle high and critical severity incidents as described in the operations playbook. Monitor Level 1 Analyst performance investigating incoming events using SOC-available tools. Ensure the events populated in the SIEM portals are addressed in a timely manner using available reporting and metrics. Coordinate with SIEM Engineers to tune events and alerts. Assist with Threat Hunting activities at the direction of one or more Incident Response Handlers. Drive and monitor shift-related metrics processes ensuring applicable reporting is gathered and disseminated per SOC requirements. Conduct proactive threat research. Required Technical skills: 5+ years of technical experience in Information Security, System Administration, or Network Engineering with at least 4-5 years of experience in Information Security. Experience scripting with PowerShell, bash/ksh/sh, Cisco IOS.sh, JunOSsh/csh, Perl, Tcl, Lua. Some programming experience with C, C++, C#, Python, HTML, JavaScript, .NET. Familiarity with common network vulnerability/penetration testing tools including, but not limited to, Metasploit, vulnerability scanners, Kali Linux, and Nmap. 2-4 year s experience with SIEM tools (Qradar, Splunk, Logrhythm, Solarwinds, etc.). 2-4 years experience in Azure Sentinel. Familiarity with common IDS/IPS and Firewalls (Snort, Cisco, Fortigate, Sourcefire). Knowledge of Windows, Unix-based systems, architectures, and network security devices. Intermediate level of knowledge of LAN and WAN technologies. Knowledge of networking protocols and security implications. 2-4 years experience with Incident Response activities . Experience with packet analysis and packet capture tools. Solid understanding of TCP/IP protocol, OSI Seven Layer Model. Expert knowledge of security best practices and concepts. Desired certifications: Security+, C|EH, Network+, Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Reverse Engineering Malware . Familiarity with ticketing tool / ITSM tool.Qualifications: Bachelors degree in Computer Science, Engineering, Information Technology, Cybersecurity, or related field. 18-24 months of prior MDR/SOC/Incident response experience. Demonstrated technical knowledge of current network security, network hardware, protocols, and standards required. Shall have demonstrated professional experience in incident detection and response, malware analysis, or cyber forensics. Act as a workstream participant to support tier-1, tier-2, or tier-3 SOC environments. Be customer-oriented, flexible and demonstrated tendency to go above and beyond. Demonstrated strong oral and written communication and client facing skills. Demonstrated strong analytical and communications skills. Flexibility to adapt to different types of engagement, working hours, work environments, and locations. Proven ability to work creatively, analytically in a problem-solving environment. Ability to work nights, weekends, and/or holidays in the event of an incident response emergency. Understand SIEM solution design and configuration. Be comfortable working against deadlines in a fast-paced environment. Identify issues, opportunities for improvement, and communicate them to an appropriate senior member. ,

Keyskills :
salesmisaccountstatbankingsubject matter expertsroot causekali linuxfocal pointit managementtesting toolspacket captureproblem solvingsolution designcomputer sciencenetwork security