Security Operations Center Engineer
Security Engineer - Security Operations Center
The Managed SOC at RoundTower monitors customer environments and performs incident detection, validation, and incident reporting. The Engineer will be responsible for the implementation and maintenance of our SIEM solutions and other technologies that support the information security program across RoundTower. This is a technical, hands-on position that requires someone with an understanding of the needs of a 24/7 SOC (Security Operations Center). We are looking for a candidate with a great deal of SIEM and security experience who will work closely with the SOC staff and with other highly technical members across multiple teams to continuously improve and enhance RoundTower's technical information security program. Incumbents will possess strong technical and analytical skills and provide accurate analysis of security-related problems. They have a well-rounded networking background and are responsible for troubleshooting customer issues. This individual is user focused and works to resolve client needs in a timely manner. These needs may involve resolving hardware/software failures, investigating and responding to security threats, and making change requests to the security policy of company devices.
The SOC Engineer is expected to monitor security feeds from client servers, network devices, and end-user workstations, and to operate and maintain network security equipment at client locations. The Engineer is expected to be familiar with a wide range of security tools and to understand basic security fundamentals. The Engineer will perform information security event analysis and must possess knowledge of operating systems, TCP/IP networking, network attacks, attack signatures, defense countermeasures, vulnerability management, and log analysis.
Role and Responsibilities:
- Investigate intrusion attempts and perform in-depth analysis of exploits
- Provide network intrusion detection expertise to support timely and effective decision making of when to declare an incident
- Conduct proactive threat research
- Review security events that are populated in a Security Information and Event Management (SIEM) system
- Tune rules, filters, and policies for detection-related security technologies to improve accuracy and visibility
- Mine log sources to uncover and investigate anomalous activity, along with related items of interest
- Independently follow procedures to contain, analyze, and eradicate malicious activity
- Document all activities during an incident and provide leadership with status updates during the life cycle of the incident
- Incident management, response, and reporting
- Provide the client with information regarding intrusion events, security incidents, and other threat indications and warnings
- Track trends and statistics for each assigned client
- Assist with the development of processes and procedures to improve incident response times, incident analysis, and overall SOC functions
- Client-facing security meetings
Qualifications:
- Incident handling/response experience
- Working knowledge of common operating systems (Windows, Linux, etc.) and basic endpoint security principles
- The ability to think creatively to find elegant solutions to complex problems
- Excellent verbal and written communication skills
- The desire to work both independently and collaboratively with a larger team
- A willingness to be challenged along with a strong appetite for learning
- 2-4 years of experience in Information Security, Incident Response, etc.
- Hands-on experience with common security technologies (IDS, Firewall, SIEM, etc.)
- Knowledge of common security analysis tools & techniques
- Understanding of common security threats, attack vectors, vulnerabilities and exploits
- Knowledge of regular expressions
- Customer-service focused; displays energy, professionalism, and a welcoming manner
- Strong ability to work in a highly sensitive and confidential environment
- Ability to meet deadlines and handle sensitive and high-pressure situations
- Ability to identify issues and help develop strategy and tactical plans for various department initiatives
- Ability to use good judgment and decision-making skills
- Bachelor's degree in Computer Science, Information Security, or related/equivalent educational or work experience
- One or more of the following certifications: CISSP, GCIA, Security+, CEH, ACSE