Level II SOC (Security Ops Center) Specialist (100% Remote Possible but prefer Metro Detroit/Ann Arbor, MI) – 2 Openings
Location: Ann Arbor, MI 48106
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200 individuals nationwide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to small and mid-size companies. The majority of the small and mid-size companies use us exclusively because of our outstanding staffing track record.
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to-hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Our Information Security group is rapidly expanding its security program and designing new processes and practices. We are currently looking for 2 strong security professionals with pragmatic experience in proactively investigating security events to identify artifacts of a cyber-attack.
This position manages and monitors events and performance from host-based security products associated with the company's security controls. The SOC Specialist - Level 2 will possess strong technical analytical skills while providing accurate analysis of security-related problems. They have a well-rounded networking background and are responsible for performing extensive troubleshooting of security issues in the fast-paced SOC.
The SOC Specialist - Level 2 is an individual focused on security and works to resolve security needs in a timely manner. These needs may involve investigating and responding to security threats escalated from the SOC group, and making change requests to the security configuration and policy of our devices. Engineers will be the subject matter experts on the team for patching, application whitelisting, hardening, scanning and monitoring, as well as security metrics for all security platforms, related servers and services on our network.
Required Technical Skills and Qualifications
· Must have experience with security-related technologies including Active Directory, host-based firewalls, host-based intrusion detection systems, application whitelisting, server configuration controls, logging, SIEM and monitoring tools, and antivirus systems.
· Must have in-depth, hands-on experience with security features and system administration of Linux, UNIX, and Windows operating systems.
· Must have an understanding of security vulnerabilities in common operating systems, web and application servers, including knowledge of remediation procedures.
· Experience with or understanding of PCI and SOX compliance standards. Experience analyzing new requirements and making security recommendations based on business objectives.
· Must have experience implementing and maintaining security controls and best practices.
· Must possess excellent communication skills and ability to cooperate with other business functions.
· 3+ years of professional experience in systems administration, systems engineering, and/or TCP/IP network administration.
· 3+ years of experience with a variety of commercial security-related contexts, including threat research, intelligence analysis, link analysis, vulnerability analysis, network and host security tools, incident response, digital forensics, malware analysis, cloud computing, virtualization, or mobile security.
· Technical knowledge of fundamental internet infrastructure and application layer protocols to include TCP, UDP, ICMP, DNS, HTTP(S), SMTP, etc.
· Ability to identify, research, characterize, and authoritatively communicate new emerging security threats across the security spectrum to include publication, presentation, and defining appropriate countermeasures for the organization.
· Minimum of 4 years of relevant experience or equivalent combination of education and work experience, in mid-size to large companies:
o Completion of a Master’s degree or equivalent program in Computer Science, Computer Engineering, Electrical Engineering, Network Security, Information Security, Information Technology, or Mathematics and 1-2 years of work experience in the field.
o Completion of a Bachelor’s degree or equivalent program in Computer Science, Computer Engineering, Electrical Engineering, Network Security, Information Security, Information Technology, or Mathematics and 2-4 years of work experience in the field.
o Completion of an Associate’s degree or equivalent program in Computer Science, Computer Engineering, Electrical Engineering, Network Security, Information Security, Information Technology, or Mathematics and 4-6 years of work experience in the field.
RESPONSIBILITIES AND DUTIES
· Handle incidents, as well as requests and questions from users, stakeholders, franchisees and customers received via phone, e-mail, or an internal ticketing system, in a timely and detail-oriented manner to resolve a multitude of information security related incidents. Interact with, configure, and troubleshoot the SIEM platform, endpoint systems and other related systems via proprietary and commercial consoles. Meet service level agreements regarding response time and client notification.
· Provide expert technical support during business hours and participate in an on-call rotation (24x7x365), when assigned, according to our defined processes and procedures. This involves handling events arising from the SOC to perform extensive and expert troubleshooting and coordinating resolution or restoration of the systems for which the role is primarily responsible.
· Duties will include the research, design, testing and recommendation of security controls for server and storage infrastructure. Responsibilities will include the monitoring and metrics associated with security controls to ensure the controls are tuned for peak effectiveness.
· Additionally, duties will require the evaluation, recommendation, and adjustment of work processes as necessary to correct adverse trends. The SOC Analyst - Tier 2 must have extensive knowledge of industry-accepted standards for system hardening and be able to tune systems to the extent practicable to prevent non-authorized personnel from accessing server infrastructure while ensuring full business functionality.
· SOC Analysts – Tier 2 in this role are required to participate in troubleshooting efforts and must be able to perform technical writing, participate in briefings, and mentor peer engineers and analysts. It should be expected that management will from time to time assign special projects.
· Perform proactive all-source research to identify and characterize new emerging threats, vulnerabilities, and risks based on security context.
· Interact with users, respond effectively to security issues, and understand our threat context to inform emerging threat research. Use threat research to develop actionable intelligence to drive our protection to include producing analysis to inform countermeasure development.
· Perform first-tier malware analysis using run-time analysis, comparative analysis, and reverse engineering tools.
· Produce actionable intelligence information for delivery to users in the form of support ticket responses, technical reports, briefings, and data feeds.
· Support SOC Security Analyst - Level 1 by providing intelligence in response to escalations from users, stakeholders, customers, and franchisees.
· Provide advice on security practices and procedures to peers, users, stakeholders, customers, and franchisees.
· Generate and apply innovation via short-to-moderate term projects to improve efficiency, effectiveness, and service value.
· Participate in advanced incident response and targeted threat hunting engagements, document findings, develop incident response remediation recommendations, and present findings both orally and in written incident response reports.
· Collaborate with teammates to develop focused threat intelligence that improves our incident response capabilities, our proprietary technology, and protects our clients.
· Contribute to the development and delivery of competitive services, methodologies, and deliverables in the security marketplace.
· Provide timely support for advanced malware analysis and reverse engineering escalations. Serve as a top subject matter expert in key elements of the practice (e.g., forensics, malware analysis, security technologies, etc.).
· Contribute to the identification of process inefficiencies and improvement of threat intelligence services, methodologies, or proprietary tools through short- to moderate-term projects.
· Work as an internal subject matter expert for other peers and departments.
· Proactivity: Ability to assess and evaluate measures that would be valuable for test or program consideration.
· Innovation and Resourcefulness: Sense of innovation, creativity, and resourcefulness necessary to ensure test designs and execution steps are valuable and crafted to drive maturity.
· Self-Motivation: Ability to be self-driven and engaged while maintaining productivity and team progress. Actively seeking new ways to grow and be challenged, using both formal and informal development channels.
· Communicates Effectively: Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences. Applies influence and negotiation skills to drive business results.
· Situational Adaptability: Adapting approach and demeanor in real time to match the shifting demands of different situations. Commitment to excellence and willingness to do what is necessary to get the job done.