Incident Handling – Lead / Sr Lead Consultant

Experience:
6 to 8 years – Lead Consultant
8 to 10 years – Sr Lead Consultant

Job Summary:
The team manages multiple security technologies and produces enhancements that allow SOC members to work collaboratively and efficiently while responding to threats. The person in this role will work as part of a cyber security operations team responsible for 24×7 on-site security monitoring operations.

Job Qualifications:
The ideal candidate will have 6+ years of security-related experience in areas such as intrusion detection, incident response/handling, firewall administration, etc. They should be comfortable with a command line interface and have some exposure to administering systems and services on various operating systems.

In addition, the ideal candidate must have the following knowledge / experience:

  • Knowledge of security information and event management (SIEM), log analysis, network traffic analysis, malware investigation and remediation, SIEM correlation logic and alert generation.
  • Demonstrated ability to analyze, triage and remediate security incidents.
  • Understanding of security principles, techniques and technologies such as the SANS Top 20 Critical Security Controls and the OWASP Top 10.
  • Knowledge of a SIEM solution such as RSA Security Analytics, ArcSight, LogRhythm, QRadar, Splunk or similar.
  • Must be able to manage multiple priorities simultaneously.
  • Moderate knowledge of networking fundamentals (TCP/IP, network layers, etc.)
  • Moderate knowledge of malware operation and indicators
  • Moderate knowledge of the current threat landscape (threat actors, APT, cyber-crime, etc.)
  • Moderate knowledge of security-related technologies and their functions (IDS, IPS, EDR, IRP, FW, WAF, SIEM, etc.)
  • Moderate protocol analysis experience (Wireshark, Gigastor, NetWitness, etc.)
  • Basic knowledge of audit requirements (PCI, HIPAA, SOX, etc.)
  • Basic programming skills, including scripting languages

Security Certifications Preferred (including but not limited to the following certifications):

  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Certified Ethical Hacker (CEH)
  • Certified Expert Penetration Tester (CEPT)
  • Certified Information Systems Security Professional (CISSP)
  • Networking certifications (CCNA, etc.)
  • Platform certifications (Microsoft, Linux, Solaris, etc.)

Job Category: IT
Job Type: Full Time
Job Location: Bangalore