Required Qualifications
- 8+ years of operational experience assessing, reviewing, and remediating infrastructure vulnerabilities, CVEs, and risks.
- Knowledge of third-party software vulnerabilities and the security threat landscape, especially network and server threats.
- Knowledge of cybersecurity threats and risks, vendor computing environments, basic systems, and network technologies.
- Experience with and understanding of CVEs and CVSS scores.
- Knowledge of compensating controls and mitigating factors.
- Knowledge of Information Security frameworks, guidelines, and standard methodologies.
- Knowledge of the Windows and/or Linux operating systems.
- Knowledge and understanding of cybersecurity controls and of logging and monitoring tools.
- Ability to expertly interact with all levels of personnel.
- Excellent verbal and written communication skills.
- Strong problem-solving and analytical skills.
- Ability to work on multiple projects through prioritization and a results-oriented approach.
- Good teammate with the flexibility required for support operations.
- Well versed in the cyber threat landscape: an advanced understanding of the tactics and techniques used by adversaries, an advanced understanding of which security controls and/or telemetry data are available to detect those tactics and techniques, and familiarity with cybersecurity incident response terminology, processes, and techniques.
- Moderate to complex investigations (using multiple tools), including endpoint, UEBA, public cloud, SaaS, and packet analysis.
- Security use case design recommendations for threat detection.
- Threat response activities, such as quarantining hosts and other common response playbook actions.
- Proactive threat hunting using multiple client tools.
- Process development and documentation.
- Application of threat intelligence to improve detection and response capabilities.
- Extensive experience with the MITRE ATT&CK framework and a thorough understanding of the tactics and techniques commonly used by threat actors.
- Extensive alert triage and endpoint investigation experience using technologies such as EDR.
- Phishing analysis.
- Malware analysis (reverse engineering not required).
- Ability to recommend tuning of security detection platforms and use cases to improve detection accuracy.
- Experience building use cases (content creation) with SIEM tools (experience with any product is acceptable).
- EDR experience with next-generation solutions such as CrowdStrike, Carbon Black, MS Defender, or Endgame.
- Strong attention to detail, meticulous reporting using Power BI or similar software, and the ability to develop IR playbooks.
- Strong knowledge of network security, including firewalls (Palo Alto preferred), intrusion detection systems, load balancers, TCP/IP protocols, network analysis, and network/security applications.
- Experience coordinating with multiple teams for rapid incident response and resolution.
- Ability to multi-task, prioritize, and manage time effectively.
- Excellent interpersonal skills and professional demeanour.
Preferred Qualifications
- Experience in system administration of AD, Microsoft Azure environments, Windows servers, and Unix environments.
- Scripting knowledge (PowerShell, Java, Perl).
- Knowledge of databases and query languages such as SQL.