This is a full-time equivalent position working in USA business hours (6am to 6pm PST, Los Angeles).
The Lead Associate for the IT and Security Team is responsible for the overall direction of our SOC and NOC. This role requires thought leadership and includes responsibilities such as Security Monitoring, Preventative and Detective Controls, Forensics and Investigations, Security Awareness, Security Vulnerability Management and Cyber Threat Intelligence activities.
RESPONSIBILITIES:
- Lead the overall direction, growth and success of our SOC (our MSSP company, CYB3R-X) and NOC.
- Overall process improvement for SOC and NOC.
- Assess, triage and prioritize security alerts from logging and monitoring systems.
- Identify, triage, and remediate threats based on threat intelligence as well as active analysis of log data. Assess newly published vulnerabilities and attacker Tactics, Techniques and Procedures (TTPs) to identify possible defensive measures to locate and stop threat actors. Translate these defensive measures into actionable change in coordination with the Information Security engineering team.
- Analyze, reverse engineer, and enumerate the content of malicious payloads to identify point of origin, mechanism of operation, and possible indicators of compromise. Use this data to explore and identify the threat actor for the purposes of referral to law enforcement and more proactive/comprehensive defense from future attacks.
- Use knowledge of customer’s enterprise to triage and categorize incidents, locating the root vulnerability or issue that allowed it to occur. Communicate findings back to other teams in an actionable way for the purposes of improving/securing systems from future attack.
- Operate and help mature a SOC playbook to protect.
- Evaluate system, application, and user data for adherence to organizational policies and procedures.
- Publish findings and data to internal team groups in a concise fashion for the purposes of building security awareness.
- Improve and implement patch management process.
- 1 to 2 hours each day assisting help desk with QA, overflow, and scripting to automate routine tasks.
BASIC QUALIFICATIONS:
- 6+ years of professional experience in information security areas, to include threat hunting, incident response, malware reverse-engineering, forensics, security analysis, security engineering, etc.
- Experience with operating system internals for both Linux and Windows platforms.
- Experience with network and host-based collection tools or commercial EDR solutions such as Cynet, Carbon Black or CrowdStrike.
- Experience with SIEM tools such as QRadar or LogRhythm.
PREFERRED SKILLS AND EXPERIENCE:
- Technical degree
- Understanding of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles.
- Understanding of temporal analysis, long-tail analysis, and event correlation
- Experience using regular expressions and scripting language(s) (e.g. Python, Bash or PowerShell) for the purposes of automating security operations and incident response processes.
- Working knowledge of network TCP/IP protocols.
- Experience using Darktrace, EventTracker, Splunk and/or other SIEMs.
- Experience with reverse-engineering, C&C exploitation, and broader system/network forensics.
- Experience with forensics frameworks such as Volatility and GRR preferred, not required.
- Experience writing exploits and identifying novel vulnerabilities, preferred, not required.
- Demonstrable track record of getting things done quickly with high quality.
- Security community contributions (blog posts, white papers, tool development, etc.), preferred, not required.
- CISSP or equivalent certification preferred, not required.
- Exceptional written and fluent verbal English communication skills.
- Exceptional organizational skills.