Cyber Security Engineer

at Russell Tobin
Published November 29, 2022
Location Cary, NC
Category Default  
Job Type Full-time  

Description

Job Title - Cyber Security Engineer

Location - Remote

Key to the Role: Security Operations Center (SOC) environment experience with at least 8 years of IT to include 2+ years of experience detecting and responding to cyber intrusions in an Operations Technology environment

Proven ability to manage issue resolution processes through the full lifecycle, including communication to senior IT and business executives

Best Fit candidates should have an interest in advancing their career to SOC management roles

Position Description:

Company Cyber Security operations is seeking a Cyber Security Engineer who provides dedicated “eyes on glass” monitoring and analysis capability for SOC operations and Incident Response. The Cyber Security Engineer will conduct analysis of security events, including validation, investigation, escalation and reporting of events of interest based on the guidelines and event handlers provided to them. The Cyber Security Engineer will be responsible for all such events of interest and will make sure they are continuously monitored and reviewed.

Key Responsibilities:

  • Monitoring and analysis of cybersecurity events
  • Fully operate from Cradle to Grave the incident response process
  • Conducting incident response within a major public cloud (e.g., AWS, GCP, Azure)
  • Excellent understanding about Windows and Linux OS internals
  • Excellent knowledge of protocols like HTTP, HTTPS, TCP/IP, WebSocket, SSH, SFTP, RDP etc.
  • Good understanding of the industry models such as the Cyber Kill Chains, Diamond Model and MITRE ATT&CK framework
  • Practical hands-on experience analyzing Windows & Linux artifacts produced from digital forensics and incident response
  • Good understanding of cyber threat landscape, TTPs, threat actors and groups

Proficiency with the following tools:

  • EDR
  • Anti-Virus/NGAV
  • HIPS, IDS/IPS, DLP, WAF
  • Host forensics - SIFT, Magnet Axiom or other host forensic tools sets
  • Network forensics - Security Onion, Suricata, Zeek (Bro), SOF-ELK or other tool set
  • Memory forensics - Volatility, Rekall
  • Communicate new ideas or suggestions for analysis/process improvement
  • Deep understanding of logging mechanisms of Windows, Linux platform
  • Participate in a 24x7 (On-Call) coverage model to prevent and remediate security threats
  • Knowing how to script in languages such as Python, PowerShell, Bash to build incident response workflows and automation is a plus
  • Experience with SIEM technologies (Splunk, etc.), threat hunting, monitoring and investigations
  • Have excellent written and verbal communication skills
  • Possess good technical understanding, takes initiative to remain up to date with cyber security skills, and fosters an attitude of continual learning/adapting
  • Possess the ability to adjust and adapt to changing priorities in a dynamic environment
  • Ability to work with minimum guidance

Experience:

Security Operations Center (SOC) environment experience with at least 8 years of IT to include 2+ years of experience detecting and responding to cyber intrusions in an Operations Technology environment

Bachelor’s degree or equivalent combination of education and 10 years of experience in computer science, computer engineering, mathematics or related field

Desirable certifications include:

  • SANS GIAC: GCED, GCIH, GCFA, GREM, GIAC Gold
  • ISC: CCFP, CSIH
  • EC-Council: ECSA, CHFI, ECIH