Description:
Business Initiative/Purpose: (Goal, Business Impact, Accomplishments from the work)
Accelerate the onboarding of new alerts into the Cyber Fusion Center, particularly around cloud.
Role Responsibilities: (What they will be doing)
The SOC Consultant is responsible for maturing the organization's monitoring and response capabilities around new use case, alerts, and automated playbook feedback.
Objective is to bring advanced external expertise to the organization to accelerate the SOC's coverage of multiple alert use-cases.
The role will also deliver specific deliverables including, but not limited to:
Alert Review and Prioritization
Alert Runbook Development
Alert Automation Analysis
Onboarding of Defender Alerts (e.g. Defender for Cloud)
Cloud Containment & Eradication
Alert Tuning
Bachelor Degree: (Required, Preferred or Not Required)
Preferred.
Must Have Skills/Prior Experiences: (Vendor should not submit any candidate that does not have these skills/prior experience.)
The selected candidate must demonstrate an understanding of the SOC best practices.
The candidate must demonstrate an understanding of key cloud resources and logs used to facilitate mature security operations center workflows.
The ability to quickly identify nefarious artifacts versus benign activity will be a key skill for this position. This role must have problem solving skills for structured, unstructured, and complex situations.
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
Extensive hands-on experience conducting cyber alert analysis in various SIEM, Cloud, and other platforms.
Strong ability to express their skills and knowledge in both verbal and written forms.
Experience developing high-quality deliverables about deep technical concepts.
Conduct cyber investigations for escalated and challenging computer security incidents.
Participate in the creation and maintenance of use cases for recurring investigation/incident triggers in support of the 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.
Participate in the creation and maintenance of playbooks used in response for investigation/incident triggers in support of 24/7 Cybersecurity Threat Operations and Cybersecurity Threat Management program.
Interface with other teams in Information Security (e.g. network operations, Cyber Fusion Center (CFC) ), vulnerability management) along with information and liability risk officers and technology management to help guide cyber security investigations and incidents.
Identify new threat tactics, techniques and procedures used by cyber threat actors.
Proactively engage in threat hunting activities to proactively search for threats in the enterprise environment.
Plus/Nice to Have Skills/Prior Experiences: (Hiring Manager DOES NOT require these skills/ prior experience. However candidates with any of these will be looked at first.)
Experience working in cloud environments, namely Microsoft Azure.
Industry certifications in general technology and security (e.g. Network+, Security+, CySA+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, Microsoft Security Operations Analyst Associate etc.)
Industry certifications in cyber forensics and incident response, such as GIAC Cloud Security Essentials Certification (GCLD), GIAC Cloud Threat Detection (GCTD), GIAC Cloud Security Automation (GCSA), GIAC Cloud Forensics Responder (GCFR), Certified Forensic Computer Examiner (CFCE), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), and other related credentials.
Demonstrated technical leadership experience.
EEO
“Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of – Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.”
