Job Title: SOC Engineer
Duration: 6+ months
Remote
Must have skills:
- SOAR - Security orchestration, automation, and response
- SIEM - Security information and event management
- Python development
Job Summary:
We are seeking a skilled SOC Engineer to monitor, detect, analyze, and respond to security incidents affecting our SPC environment. The ideal candidate will leverage their automation skills to streamline SOC operations and enhance incident response capabilities. This role requires strong oral and written communication skills, analytical problem-solving abilities, sound judgment, and a solid foundation in IT security.
Job Responsibilities:
- Security Monitoring: Utilize security event management systems (SIEM) and other tools to detect security incidents and anomalies.
- Incident Analysis: Investigate and analyze security incidents, determine root causes, assist in vulnerability assessments, and manage remediation efforts.
- Automation Development: Create and implement automation scripts and workflows to improve SOC efficiency, including incident response automation and playbook creation.
- Log Analysis: Perform in-depth analysis of logs to identify indicators of compromise (IOCs) and potential security breaches.
- Response Planning: Develop and maintain incident response plans and procedures to ensure optimal response to security incidents.
- Collaboration: Coordinate with analysts and other stakeholders to promptly escalate and respond to security incidents.
- Mentorship: Provide guidance and mentorship to analysts on incident detection, analysis, and response techniques.
- Exercises and Simulations: Participate in security incident tabletop exercises and simulations to test and improve incident response capabilities.
- Continuous Learning: Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and mitigation techniques.
- Process Improvement: Contribute to continuous improvement initiatives within the SOC, including process refinement and tool enhancement, and generate service-level indicator/objective (SLI/SLO) metrics that demonstrate the improvements.
- Subject Matter Expertise: Act as one of the information security subject matter experts for the Incident Response team and assist in escalations.
- Travel Requirements: Yearly travel may be required for approximately one to two weeks per year, subject to change as business requirements evolve.
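As an added illustration of the Log Analysis and Automation Development responsibilities above (this is example code written for this page, not code from the hiring organization), the following Python script parses key=value log lines, matches them against an indicator-of-compromise (IOC) set, and groups the hits into a playbook-style triage summary per asset. All log lines, IOC values, network ranges and playbook actions are constructed for illustration; the `PLAYBOOK` mapping and `triage()` output format are assumptions about what a SOAR workflow would consume, not any particular product's API.

```python
"""IOC matching over key=value logs with playbook-style triage.

Added example for illustration only. Log lines, IOC values and
playbook actions below are constructed, not real threat intelligence.
"""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# key=value tokens, with optional double-quoted values
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed IOC set (RFC 5737 documentation IPs, example.net domain,
# and the SHA-256 of the string "test" standing in for a malware hash).
IOC_IPS = {"203.0.113.45", "198.51.100.7"}
IOC_DOMAINS = {"update-check.example.net"}
IOC_SHA256 = {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}

# RFC 1918 ranges: internal peers are never treated as IP IOC hits,
# which keeps a stale or over-broad feed from flooding the queue.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical playbook: IOC type -> (severity, SOAR action name)
PLAYBOOK = {
    "sha256": ("high", "isolate_host"),
    "domain": ("medium", "sinkhole_domain"),
    "ip": ("medium", "block_ip_at_firewall"),
}
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2}

# Constructed sample logs: firewall, proxy and EDR-style records.
SAMPLE_LOGS = [
    "ts=2024-03-01T10:01:02Z src=10.0.0.5 dst=203.0.113.45 action=allow bytes=512",
    "ts=2024-03-01T10:01:03Z host=ws-17 url=http://update-check.example.net/p.php user=alice",
    "ts=2024-03-01T10:01:04Z src=10.0.0.9 dst=93.184.216.34 action=allow bytes=1000",
    "ts=2024-03-01T10:01:05Z host=ws-17 "
    "sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08 proc=svchost.exe",
]


@dataclass(frozen=True)
class Alert:
    ioc_type: str   # "ip", "domain" or "sha256"
    value: str      # the matched indicator, normalized to lower case
    asset: str      # host name or internal source IP the hit is attributed to
    raw: str        # original log line for the analyst


def parse_kv(line: str) -> dict:
    """Split a key=value log line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def is_internal(ip: str) -> bool:
    """True for RFC 1918 addresses; False for public or unparseable input."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def match_iocs(line: str) -> list:
    """Return one Alert per IOC found in a single log line."""
    fields = parse_kv(line)
    asset = fields.get("host") or fields.get("src") or "unknown"
    alerts = []
    for key in ("src", "dst"):
        ip = fields.get(key)
        if ip and not is_internal(ip) and ip in IOC_IPS:
            alerts.append(Alert("ip", ip, asset, line))
    if "url" in fields:
        host = (urlparse(fields["url"]).hostname or "").lower()
        if host in IOC_DOMAINS:
            alerts.append(Alert("domain", host, asset, line))
    digest = fields.get("sha256", "").lower()   # feeds and sensors differ in case
    if digest in IOC_SHA256:
        alerts.append(Alert("sha256", digest, asset, line))
    return alerts


def scan(lines) -> list:
    """Run match_iocs over an iterable of log lines."""
    return [a for line in lines for a in match_iocs(line)]


def triage(alerts) -> dict:
    """Group alerts by asset: worst severity, de-duplicated actions and IOCs."""
    by_asset = defaultdict(list)
    for a in alerts:
        by_asset[a.asset].append(a)
    summary = {}
    for asset, items in by_asset.items():
        worst = max((PLAYBOOK[a.ioc_type][0] for a in items), key=SEVERITY_ORDER.get)
        summary[asset] = {
            "severity": worst,
            "actions": sorted({PLAYBOOK[a.ioc_type][1] for a in items}),
            "iocs": sorted({a.value for a in items}),
        }
    return summary


if __name__ == "__main__":
    for asset, info in triage(scan(SAMPLE_LOGS)).items():
        print(asset, info)
```

Two design points worth noting for a real deployment: the internal-range allowlist and the case normalization of hashes are the kind of small checks that separate a noisy IOC matcher from a usable one, and keeping `triage()` separate from `match_iocs()` lets the same matcher feed different playbooks (ticket creation, host isolation, firewall block) without touching the detection logic.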
Qualifications and Requirements:
- IT and Security Knowledge: Solid understanding of information technology and security best practices.
- Cloud Experience: Hands-on experience with one or more of AWS, Azure, or GCP is desired but not required.
- Team Collaboration: Ability to collaborate effectively with teams across different functions.
- Network Knowledge: Basic understanding of network routers, switches, and firewalls.
- Automation Skills: Passionate about automation, performance, reliability, visibility, and finding creative solutions to complex security issues using Python.
- Linux Proficiency: Proficient in Linux, including understanding security hardening for Linux, web applications, and databases such as PostgreSQL and MariaDB.
- Kubernetes Experience: Experience with Kubernetes is a plus.
- Security Tools: Familiarity with open-source security tools and applications.
- Attention to Detail: Strong attention to detail with exceptional organizational skills.
- Availability: Willingness to work in a 24/7 environment, including weekends and holidays, with on-call duties.
- Experience: 5+ years of experience in a related field.