SOC Engineer (Incident Response) - Remote

Posted: 6 days ago | Location: United States | Salary: undisclosed

Job Description

Candidates will join a fast-paced and creative team of incident response engineers, penetration testers, and forensic analysts focusing on the identification, interrogation, exploitation, and reporting of incidents for the enterprise. Incident analysis will be end-to-end, covering the network, the underlying servers and infrastructure (physical and virtual), and the application. Candidates will be required to perform incident response analysis uncovering attack vectors involving a variety of malware, data exposure, and phishing and social engineering methods. The successful candidate must have a strong understanding of SIEM and supporting forensic tools. The chosen candidate will participate in the remediation of incidents and responses generated from live threats against the enterprise. All incidents will be recorded and reported per Federal policy and legislation.

Candidates will be required to demonstrate proficiency in the Incident Response Process as well as in threat hunting and SOC operations. The interview will also focus on the conceptual and procedural methodologies used to evaluate compromise of logical, physical, and technical systems. Candidates' understanding of malware analysis, advanced persistent threats, infection vectors, and defense strategies will be heavily focused on during the screening process. Additional emphasis will be placed on the candidate's ability to articulate skills gained from experience in incident response, malware analysis, SOC operations, and threat hunting.

Required Skills:

  • 6-8 Years of SOC/IR experience
  • Thorough understanding of security incident response processes
  • Demonstrated experience of the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools
  • Demonstrated proficiencies with an enterprise SIEM or security analytics solution such as Kibana (ELK), Splunk, or LogRhythm.
  • Solid understanding of and experience analyzing security events generated from security tools and devices including, but not limited to: Carbon Black, FireEye, Palo Alto, Cylance, and OSSEC
  • Experience and solid understanding of malware analysis
  • Demonstrated experience and understanding of event timeline analysis and APT
  • Demonstrated proficiencies with application security testing including Chrome extensions

Preferred Skills:

  • Demonstrated proficiencies with one or more toolsets such as Core Impact and Metasploit
  • Experience and solid understanding of manual and automated penetration methods
  • Demonstrated ability to assess the suitability of, and use, COTS and open source discovery and analysis toolsets
  • Demonstrated proficiencies with application penetration testing (Java, .Net, and API {JSON})
  • Demonstrated experience with a programming or scripting language (Perl, Python, Ruby, or .Net)

Required Certifications:

  • All candidates are required to have a valid CISSP certification. Candidates with ISC2 CISSP concentrations (ISSAP or ISSEP) will be given priority consideration. Advanced penetration testing certification required.

Desired Certifications:

Note: One or more of the following may be required for consideration or attainment in the first 90 days of employment.

  • GIAC-GCFE - Global Information Assurance Certification Forensic Examiner
  • GIAC-GCFA - Global Information Assurance Certification Forensic Analyst
  • GIAC-GREM - GIAC Reverse Engineering Malware
  • GIAC-GNFA - GIAC Network Forensic Analyst
  • GIAC-GCTI - GIAC Cyber Threat Intelligence
  • GIAC-GPen - GIAC Certified Penetration Tester
  • GIAC-GWAPT - GIAC Certified Web Application Penetration Tester
  • GIAC-GXPN - GIAC Exploit Researcher and Advanced Penetration Tester
  • CEPT - Certified Expert Penetration Tester
  • CASS - Certified Application Security Specialist
  • CWAPT - Certified Penetration Tester
  • CREA - Certified Reverse Engineering Analyst

Provided by Dice