Position Information |
- Position Title: IR Engineer 3 / SOC Analyst
- Location: Hybrid
- If hybrid, how many days per week: Monday to Thursday in the client office / Friday remote
- Address: Raleigh NC
- Work Authorization: US Citizens
Day to Day |
- Dive deep into incident analysis by correlating data from various sources, determining if a critical system or data set has been impacted, advising on remediation, and supporting new analytic methods for detecting threats
- Conduct incident handling, including containment, eradication, and recovery; close out reports and lessons learned; and escalate to specialized analysts or SOC managers during malware analyses or adversary hunt missions
- Review alerts to determine relevancy and urgency, and communicate alerts to agencies regarding intrusions to the network infrastructure, applications, and operating systems
- Collaborate with other teams to assess risk and enrich client alerts
- Collect intrusion artifacts, including source code, malware, and Trojans, and use the discovered data to enable mitigation and threat intelligence discovery
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts; correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Stay up to date with current vulnerabilities, attacks, and countermeasures
- Goal is to be the best L3 analyst in their space
- Growth down the line
Must Haves |
- In layman's terms, what does this person need to be doing in their job every day? What's the problem they are solving? Working with a leading biopharma company within their SOC to work on best practices and evolving technology
- What type of experience is needed, and how does this experience translate to the actual role?
- EDR, SIEM, proxy analysis tools, other cyber tools, etc.
- Top Must Haves
- Lead a SOC or small team
- Able to triage in multiple endpoint detection tools
- Very thick skin and great comms skills
- 3 years of experience as part of a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), or Security Operations Center (SOC)
- CompTIA Network+, CompTIA A+, CompTIA Security+, GIAC Certified Incident Handler (GCIH), or EC-Council Certified SOC Analyst (CSA) (must be able to speak the language; certification itself not required)
- Education: BA or BS degree, or 4 years of experience with equivalent cyber work (ideally)
- Soft skills: thick skin, no ego, ability to gauge when it is the right time to push back on leadership (heads-down, boots-on-the-ground type)
Nice to Haves |
- Consulting experience, specifically at the Big Four (highly prioritized)
- Biopharm experience
- Military background
- GIAC Certified Incident Analyst (GCIA)
- MS in Cyber Operations or related Cyber Security studies
- Splunk Core Certified Advanced Power User
- Analytic Path / Threat Analysis Endpoint
Resume:
- An IR person with Big 4 experience (e.g., Deloitte, EY)
- Consulting / client-facing experience
- Understanding how an incident affects the business / clients is a big plus
Biopharma companies (nice to have):
- Pfizer Inc. (Pharmaceuticals and Healthcare)
- Johnson & Johnson (Pharmaceuticals and Healthcare)
- Merck & Co., Inc. (Pharmaceuticals and Healthcare)
- AbbVie Inc.
- Bristol-Myers Squibb Co.
- Abbott Laboratories
- Eli Lilly and Co.
Background |
- Role/Position Background: IR Engineer 3 / SOC experience
- Years of experience needed: 3-5 years with a degree, 7 without; not a leader / manager
- Types of environments candidates should be coming from: consulting / client-facing
Selling points on position and team |
- Working with leading biopharm client
- Brand new company with aggressive growth goals and future plans
Job Description |
The Challenge:
Are you ready to take an active role in cyber defense? Are you looking for an opportunity to protect critical infrastructure from the constant onslaught of cyber attacks? If you want to challenge your skills and stretch your limits by analyzing cyber threats in real time, then come join our team.
As an analyst on our SOC team, you'll monitor and analyze threats using state-of-the-art tools like Cortex XSOAR, CrowdStrike, FireEye, Tanium, Elastic, Splunk, Securonix, and ServiceNow.
You'll use your cyber security skills to:
- Dive deep into incident analysis by correlating data from various sources, determining if a critical system or data set has been impacted, advising on remediation, and supporting new analytic methods for detecting threats
- Conduct incident handling, including containment, eradication, and recovery; close out reports and lessons learned; and escalate to specialized analysts or SOC managers during malware analyses or adversary hunt missions
- Review alerts to determine relevancy and urgency, and communicate alerts to agencies regarding intrusions to the network infrastructure, applications, and operating systems
- Collaborate with other teams to assess risk and enrich client alerts
- Collect intrusion artifacts, including source code, malware, and Trojans, and use the discovered data to enable mitigation and threat intelligence discovery
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts; correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Stay up to date with current vulnerabilities, attacks, and countermeasures
You'll work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact. You'll analyze incidents to figure out just how many systems are affected and assist recovery efforts. You'll combine threat intelligence, event data, and assessments from recent events, and identify patterns to understand attackers' goals and stop them from succeeding. This is a great opportunity to build your cyber security skills with hands-on experience in threat assessment and incident response. Join us as we protect our clients from malicious actors.
Empower change with us.
You Have:
- 3 years of experience as part of a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), or Security Operations Center (SOC)
- BA or BS degree, or 4 years of experience with equivalent cyber work
- CompTIA Network+, CompTIA A+, CompTIA Security+, GIAC Certified Incident Handler (GCIH), or EC-Council Certified SOC Analyst (CSA)
Nice If You Have:
- GIAC Certified Incident Analyst (GCIA)
- MS in Cyber Operations or related Cyber Security studies
- Splunk Core Certified Advanced Power User