Jr. Cyber security engineer with Python scripting exp - Radiant Digital

Note:-

Mid shift- 11:pm to 7:30 am

MUST HAVE SKILLS:

- Ability to obtain GSA Public Trust clearance

- At least three years of experience in security-related fields including prior SOC experience

- Ability to communicate clearly and concisely in written and oral English

- Experience using a supported Security Incident Event Management (SIEM) for analytics

- Knowledgeable with scripting, parsing, and query development in enterprise SIEM solutions

- Experience in tuning use cases & content, driven from day to day optimizations, with understanding

of best practices to ensure adjustments do not cause false negatives

- Experience with documenting processes and procedures as well as training team members on

processes and procedures

- Exceptional problem solving skills

- Ability to drive process improvements and identify gaps

- Proactive in engaging with customers and Verizon management teams

- Thorough understanding of threat landscape and indicators of compromise

- Experience with incident response techniques related to network forensic analysis

- Experience investigating security incidents with SIEMs, use case development/tuning, and

understanding of incident response

- Experience with IPS including analyzing alerts generated by the inspection with consideration to

how signatures are written, and how to identify false positives

- Experience with implementing changes on next generation firewalls including firewall policy &

content inspection configuration ( Fortimanager, Fortigate, Cisco, Palo Alto, Checkpoint, etc.)

- Skilled with Linux command line

- Experience with health and availability monitoring; understanding of device logging and ingestion,

network troubleshooting, and device troubleshooting

DESIRED SKILLS:

- Scripting knowledge in (ie. Python, Powershell, Bash Shell, Java, etc.)

- Incident response experience utilizing different SIEMs and industry best practices

- Experience with customer service and supporting service desk functions such as IAM management

JOB DUTIES:

Security Analysts comprise the primary labor force within the Security Operations Center. Tier-2

Security Analysts come from an enterprise background with at least three years’ experience working

in a security-related field, enabling them to undertake a wide variety of tasks across a number of

different platforms. Analysts will handle day-to-day tasks, as well as short-notice ad-hoc work, and

see the tasks through to completion with minimal supervision. Security Analysts provide critical value

to the Security Incident and Event Management (SIEM) workflow, leveraging their extensive

knowledge to provide context to events; recommendations for remediation actions; and suggestions

for implementing best practices and improving standard processes and procedures.

Duties of the Tier-2 Senior Security Analyst include:

- Provide “eyes on glass” near real-time security monitoring in a 24x7 environment by monitoring

security infrastructure and security alarm devices for Indicators of Compromise utilizing a proprietary

SIEM and cybersecurity tools;

- Perform near real-time security monitoring of alerts and escalating critical alerts in compliance with

the service level agreement;

- Detect security incidents and analyze threats for complex and/or escalated security events;

- Respond to customer Requests For Information including using Linux command line skills to query

raw logs for IOCs, answering questions about the MSS infrastructure, and features of the SIEM

including correlation engine while recommending best practices;

- Develop internal and/or external documentation, such as detailed procedures, playbooks, and

runbooks; review and assess reports concerning operational metrics;

- Perform level 2 assessment of incoming alerts (assessing the priority of the alert, determining

severity of alert in respect to customer environment, correlating additional details) and coordinate

with tier III for critical priority incidents, if necessary;

- Perform incident response activities utilizing customer SIEM and cybersecurity toolkits;

- Assist with quality control during onboarding of new customers to verify validity of Use Cases and

generated alerts;

- Utilize the SOC Knowledge Base and provide input on revisions as needed;

EDUCATION/CERTIFICATIONS:

- Required: Bachelors or higher degree in Computer Science, Information Security, or similar

discipline

- Required: industry certification(s) such as CISSP, SANS GIAC or GCIH, CompTIA Security+,

CCNP-Security, Palo Alto CNSE, Fortinet NSE, CySA+, GCED, CEH, or comparable security-related

certification

LOGISTICS:

- Shift work required, including nights and weekends. Team members work 5x8 hour shifts per week.

The position would start off as a Monday through Friday 7:00a, - 3:30pm while the new hire is

onboarded and trained.