Role Description

Role Objectives

• Act as technical lead in the development and enhancement of capabilities such as Cyber Monitoring & Response/Purple Teaming/Threat Hunting/Digital Forensics/Incident Response
• Lead the analysis of security alerts or technical response to security events and incidents
• Mentor and guide more junior SOC personnel sharing your knowledge and expertise.
• Develop and improve monitoring & response playbooks.
• Conduct proactive threat hunting and DFIR activities.
• Develop deep expertise in our monitoring systems and technology to act as an SME in working with our detection engineering and automation teams to enhance our abilities to prevent, detect & respond.
• Identify and test new adversary TTPs and our ability to detect and respond to them.
• Identify opportunities for efficiency, work hand in hand with Security Automation team to automate and improve our response processes.
• Assist in the implementation and ongoing support of security systems, acting as an SME for SOC related projects.
• Execute tasks or support projects to enhance team’s capabilities.
• Assist in defining SOC requirements for information technology projects.
• Act as a role model and set the standard for technical analysis within the SOC.
• Providing strong mentorship and guidance to more junior SOC team members by acting and leading by example. Bring a positive outlook and seek to motivate and inspire your fellow team members.

Role Objectives: Expertise

• Demonstrate comprehensive understanding of cyber security best practices, risk vectors, mitigation techniques and protection software. Display knowledge of network security concepts and tools such as firewalls, proxy servers, email security and suspicious traffic flows. Exhibit analytical ability to lead incident response and mitigation efforts as well as identify key areas for improvement from post-incident analysis. Show ability to convey cyber security polices and concepts to employees and lead training efforts to ensure all employees follow recommended best practices relating to cyber security.
• Strong understanding of MITRE ATT@CK Cyber Kill Chain and similar frameworks.
• Strong knowledge of security controls related to the detection, analysis, and response (SIEM, EDR, NDR, XDR, UEBA).
• Strong knowledge of Windows and Linux systems, Active Directory, Cloud technologies.

Qualifications and Skills

• 5+ years of experience in cyber security experience required, ideally in a SOC, DFIR, or CSIRT role.
• Strong verbal and written communication skills with experience in documenting their work to a high level.
• Professional Certifications an advantage but not essential if have requisite role knowledge, GCIH, GNFA, GFCA, Certified Ethical Hacker (CEH), OSCP, CISSP or similar certifications a plus.
• Must be self-directed with the ability to work independently.
• Ability to multi-task and remain productive in a service-driven and results oriented environment.
• Demonstrated strong organizational, analytical, and problem-solving skills.

Additional Requirements