Security Operations Engineer
MSCCN - Charlottesville, VA
Job Description
The Security Operations Engineer leading Incident Response (IR) will be a member of the Information Security Office (ISO), Cybersecurity Operations Team, a division of the Information Technology (IT) Organization.

Top Skills' Details
1) 3-5 years of experience
2) Experience with Azure and AWS
3) Must have experience with Microsoft Defender
4) 24/7 SOC, L3 support

This person will share a weekly on-call rotation (every other week). They will need to respond if something is escalated from the L2 team. This will be a remote working opportunity, but the individual must be able to report on site in the Charlottesville office within a reasonable amount of time in the event that a cybersecurity incident occurs and the response playbook is executed. Want someone in VA/DC/MD/NC who could come to Charlottesville, VA if needed.

The mission of the Cybersecurity Operations Team is to:
o Support Priority Initiatives of the Information Security Office (ISO)
o Enforce Information Security Policy
o Support and Collaborate Across All Areas of Information Technology (IT) to Reduce Risk and Continuously Improve the Security Posture

The IR Security Operations Engineer will be the Team Lead for the Incident Response Team, overseeing day-to-day operations of all Security Operations Center (SOC) Services and providing Level 3 (L3) operational support for all cybersecurity incidents. Subsequently, in the event of a compromise in which the cybersecurity response playbook is executed, the IR Security Operations Engineer holds the honorary position of Team Lead for the Detection and Response Team (DART). The DART Team Lead is responsible for determinations made by the DART team in responding to the cybersecurity incident and execution of the response playbook. The DART Team Lead manages all communications and coordination between the DART Team and MDRSOC.

The IR Security Operations Engineer will review current cyberthreats and modify processes and procedures to improve the Institute's cyberthreat detection, prevention and remediation capabilities, and will lead and participate in cybersecurity-related activities that support the objectives of the ISO. The Incident Response team focuses on protecting the Institute from external and internal cybersecurity threats. It is responsible for monitoring, analyzing and triaging cybersecurity events of interest and incidents escalated by a Managed Security Service Provider (MSSP) and Security Information and Event Management (SIEM) service, and for deciding if a particular security event or incident needs further investigation or can be resolved. The IR Security Operations Engineer will define the incident response processes and procedures at the Institute and will guide the IR team to coordinate and respond to case work including, but not limited to, computer security vulnerabilities, malware, phishing, social engineering, and forensic investigations. The IR team responds to case work as it relates to compromise of proprietary software, through monitoring of suspicious activity to databases, web applications, and infrastructure. The IR Security Operations Engineer will oversee all case work to ensure timely mitigation and remediation efforts are completed, and will ensure that all undocumented cases of adverse security events, security incidents or case work are properly documented and incorporated in the Security Operations incident monitoring, analysis, and response playbook.

ESSENTIAL FUNCTIONS
This position is required to handle highly confidential matters and materials with discretion. The responsibilities of this position include, but are not limited to:

Design and implement Incident Response processes and procedures in alignment with IT Operations tools and technologies.
o Design and implement all monitoring, logging, alerting, and ticket intake.
o Optimize work intake and continuously improve key performance indicators (KPIs) such as mean time to detection (MTTD) and mean time to response (MTTR).
o Continuously evolve processes and procedures to respond to shifts in business initiatives and technology operations.

Oversee administration of Managed Security Service Provider (MSSP) Services (SIEM/SOC Services).
o Lead management of the overall MSSP relationship, including reviewing MSSP KPIs for monitoring coverage and metrics.
o Continue to develop the MSSP relationship.
o Work closely with the MSSP to identify and resolve security incidents when needed.

Oversee the Incident Response Team and SOC Managed Services.
o SOC Managed Services are responsible for triaging all security events from general monitoring and alerting or from the MSSP.
o Accountable for investigation of each security event and for deciding if the event is an incident or can be resolved.
o Respond to incidents as defined by cybersecurity IR playbooks and/or escalate concerns when needed.
o In the event of a compromise, lead the DART Team and execute the cybersecurity incident response playbook.

Partner with the Information Security Office to review new threats in the environment and determine whether current threat monitoring and responses need modification. Subsequently, in collaboration with IT Operations teams, modify any tools, logs or notifications to support the changes needed.

Responsible for collecting audit evidence at the request of the Information Security Office for various audit and compliance checks, for example PCI Compliance and SOC 2 Assessment.

Support IT Operations and the Information Security Office in efforts to educate the Institute workforce on security threats.

Skills: Security operations, AWS, Microsoft Defender

Additional Skills & Qualifications:

EDUCATION
Bachelor's degree in Information Security, Computer Science or a directly related field is required.
A minimum of 5 years of experience in Information Technology with a minimum of 2 years of professional IT Security Incident Responder/Forensics experience.

Highly Recommended Certifications:
o CompTIA Security
o GIAC Certified Incident Handler
CISSP, CFCE, GCFE, OSCP, CFE, or similar, preferred but not required.

EXPERIENCE
Working experience with multiple platforms, operating systems, software, communications, and network protocols with a focus on security controls.
Experience working with network monitoring, analysis, troubleshooting, and configuration.
Experience working with Microsoft Threat Detection and Response technologies, such as Microsoft Defender.
Experience with Microsoft Intune for Endpoint Management and Microsoft Group Policy Management (GPO).
Working knowledge of Next Generation Firewalls, Web Application Firewalls and policy configuration, and Cloud Hosted Infrastructure and Products (Azure, AWS, CloudFlare).
Understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
Experience with host-centric tools for forensic collection and analysis.
Experience managing cases with enterprise SIEM, Logging and Ticketing Systems (JIRA Service Desk).
Experience with host-based detection and prevention suites.
Detailed understanding of Advanced Persistent Threats.
High-level understanding of System/Application Vulnerabilities and Exploitation (OWASP, SANS, CIS Controls).
Some experience with malware analysis (dynamic and static) preferred but not required.
Experience supporting Network Investigations.
Experience conducting forensic media analysis and log file analysis.

Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
§ Medical, dental & vision
§ Critical Illness, Accident, and Hospital
§ 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
§ Life Insurance (Voluntary Life & AD&D for the employee and dependents)
§ Short and long-term disability
§ Health Spending Account (HSA)
§ Transportation benefits
§ Employee Assistance Program
§ Time Off/Leave (PTO, Vacation or Sick Leave)

About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Created: 2024-10-11