Cyber Security Engineer IV

at KellyMitchell
Location Bellevue, WA
Date Posted July 13, 2019
Category Default
Job Type Contractor


The CSOC Security Engineer (Tier 2) is a key member of the 24x7 Cyber Security Operations Center; monitoring and responding to real-time alerts and incidents in order to contain and mitigate risk to the client’s systems, services and information assets. This is a high profile, fast-paced role that interfaces across the entire company and at all levels of the organization. 

The role of a CSOC Security Engineer is the detailed and repeatable execution of all operational tasks as documented in processes and subordinate procedures, specifically: 
• May require shift work in a 24x7 Cyber Security Operations Center 
• Monitor incoming event queues for potential security incidents per operational procedures 
• Perform triage, analysis, and response of security alerts to determine and initiate appropriate courses of action, with escalation as defined by established procedures 
• Collect and organize alert, event and triage data to produce reports to provide feedback to existing content, inform new content, and measure relevant KPIs 
• Provide support for and collaboration with higher-tier support teams to investigate escalated incidents 
• Assist in the development of new security operations processes as well as the refinement or improvement of existing processes 
• Monitor CSOC ticket (or email) queue for potential event reporting from outside entities and individual users 
• Maintain CSOC shift logs with relevant activity from current shift. 
• Document investigation case notes, ensuring relevant details are passed to CIRT for escalated incident analysis 
• Update or reference CSOC knowledge management repository as necessary for changes to CSOC processes and procedures and ingest CSOC daily intelligence reports and previous shift pass downs 
• Conduct security research and intelligence gathering on emerging threats and exploits 

Minimum Required 

• US Citizenship required 
• 2-4 years of experience as a SOC or Incident Response investigator or equivalent work experience 
• Conversant with cyber security intrusion analysis concepts and techniques 
• Understanding of security incident investigation and log analysis 
• Experience investigating security incidents, threats and vulnerabilities 
• Demonstrable knowledge of networking (TCP/IP, topology, OSI model and network forensics), operating systems (Windows/MacOS/Linux), and web technologies (web applications, database security, web servers) 
• Ability to read and understand system data, including, but not limited to, security event logs, system logs, and firewall logs 
• High degree of attention to detail 
• Strong verbal and written communication skills 
• Experience supporting Cyber Security Operations in a large enterprise environment 
• Experience with SIEM & Log Management solutions 
• Experience with enterprise systems administration 
• Experience in administration and maintenance of enterprise networks 
• CCNA Security, GCIA, GCIH or other related security certifications 
Minimum Required Education 
• Degree in Computer Science, Information Technology, or equivalent work experience 
• Course work in Cyber Security is strongly preferred 
General/Physical Requirements 
• Must sit for extended periods of time. Extensive computer and telephone utilization. 
• Shift work in a 24x7 Cyber Security Operations Center 
• Participation in on-call rotation may be required