Security Operations Center Engineer

Who We Are:

We are a privately owned leading Managed IT Services company (Managed Service Provider). Since 1997 we have specialized in providing managed IT services and managed security services for our clients. which are made up of small to medium-sized enterprises. We are looking for highly passionate individuals to join our team to help and drive the growth and success of our company.

Job Description:

ICE Consulting is seeking a talented Security Operations Center (SOC) Engineer to join our Team. The Security Operations Center Engineer role requires the individual to work as part of the Security Operations Center (SOC) team and help in monitoring and analyzing the environment, identifying, and responding to security threats that put the company at risk. The engineer will own leading-edge solution/s that are intended to improve the security posture of the company. With his domain expertise, the engineer is expected to provide thought leadership and provide sound technical mentorship on how to respond and analyze to security incidents based on security best practices.

Essential Responsibilities:

• Developing and implementing SIEM solution internally and as well for clients and/or candidates who have strong experience in assessing and implementing SIEM and other operational tools and processes for a Security Operations Centre (SOC)
• Develop content for a complex and growing SIEM infrastructure. This includes use cases, dashboards, active channels, reports, rules, filters, trends and active lab sessions.
• Use SIEM in the daily operational work which includes but not limited to Administer, operate, manage SIEM platform and regular activities of ensuring the health of log sources, parsers, alerts, reports etc. and enduring that the platform is operating as planned.
• Monitor SIEM and other event sources, assess, prioritize, escalate and manage security alerts.
• Perform analysis of security, network database and application logs, correlate events and activities to create threat scenarios in order to get ahead of threat actors and reduce the exposure.
• Lead the imminent threat/zero-day response function across the environment.
• Translate threat intelligence into actionable security across tools such as firewall, IPS and malware detection across multiple security vendor platforms.
• Track and resolve security incidents on regular frequencies and collaborate with other teams for resolution and suggest areas for improvement.
• Must have some experience building custom connectors/parsers etc. to point devices or IT assets that are not supported out of the box.
• Own and operate most important security solutions designed to protect the company from cyber threats and attacks.
• Lead in deploying new solutions and technologies to improve the security posture of the company.
• Continuous fine-tuning of our security solutions to reduce the occurrence of false positive and false negative alerts.
• Working knowledge and experience with the MITRE framework for cyber adversary tactics and techniques

Must have working knowledge of any SIEM solution like QRadar, Sentinel, Splunk, Logrythm or Open Source SIEM (Wazuh, ELK)

The ideal candidate will have

• Should have deep technical knowledge of the following:
• System security and SIEM implementation experience
• In-depth experience and understanding of Security Event Management – both from a technology/tool as well as process perspective.
• Demonstrated knowledge of TCP/IP networking and major protocols such as: HTTP, SSL/TLS, DNS, SMTP
• Demonstrated experience and expertise with several of the following technology competencies with SIEM, vulnerability scanning tools (Nexpose, Metaspolit), File Integrity Monitoring, and Data Loss Protection etc.
• Development of security scripts in PowerShell or Python for areas such as: automated detection and scanning capabilities
• Network stream analysis using PCAP data and packet reconstruction.
• Experience executing on a defined Incident Response Frameworks and Handling Procedures such as NIST, SANS.
• Current knowledge of security threats, solutions, security tools and network technologies
• An understanding or proficiency in information security and compliance regulations (ISO 27001, PCI DSS, GDPR)
• Keen ability to diagnose and troubleshoot technical issues, excellent problem-solving skills.
• Fluency in English, written and spoken is a must.
• Excellent documentation skills
• Must be able to work independently and also a team player.
• You may be required to travel on a need basis.

Education & Qualifications

• 2 to 5 years of professional experience
• Bachelor’s Degree in an IT related discipline
• In lieu of certifications, at least 2 years of information security, auditing or risk management experience