IR-SOC Engineer

Reporting to the Security Operations Center (SOC) Senior Manager, this person will work alongside an expanding team of information security professionals with the shared goal of protecting the Firm’s security posture and staying one step ahead of threat actors. The person in this role will develop and integrate an Incident Response (IR)/SOC security infrastructure to monitor the Firm’s on prem and cloud environments, articulate technical security requirements, monitor the effectiveness of the IR/SOC, make recommendations for enhancements, and help raise the level of security awareness.

The Senior IR-SOC Engineer serves as a critical bridge between operations and engineering. This very skilled professional has developed additional experience integrating SOC systems, people, and process. This role includes implementation, maintenance and configuration of key SOC technology initiatives.

Responsibilities/Duties

• Drive and improve continuous monitoring and incident response, serving as a senior resource in our SOC and Incident Response processes.

• Configure and integrate platforms, tools, service providers, and solutions into our IR/SOC systems, make recommendations as needed.

• Consolidate and improve security logging and monitoring solutions on premise and in the cloud to detect and respond to security threats in real time.

• Drive and guide efforts to automate and accelerate the detection and response processes

• Coach and mentor SOC Analysts on process, tools, and skills development.

• Partner with Security Engineers to assess and select appropriate security controls and technologies related to continuous monitoring and incident response.

• Ensure integration of input from the Firm’s deployed suite of security tools to SOC systems (e.g. SIEM/SOAR), including, but not limited to, IDS/IPS, End Point Protection, MDR/XDR, PAM, MFA, DNS Security, and cloud security posture management.

• Ensure the Firms Incident Response and security monitoring systems adhere to security best practices and baselines to ensure a secure configuration of platforms and resources.

• Advise and work closely with the Identity and Access Management (IAM) team to ensure IR/SOC visibility into authentication to the Firm’s resources.

• Participate in the computer security incident response team efforts and other security investigation activities as assigned, including on call escalation rotation.

• Assist leadership with trend analysis, reporting, and metrics development to drive continuous improvement.

• Lead tactical and strategic level efforts to develop process and runbooks as well as capture lessons learned and improve tools and process.

• Provide technical assistance to IT staff in the detection and resolution of security problems.

• Coordinate multiple projects concurrently and influence the decision making process.

• Communicate and report issues, status, and results to senior management.

• Perform other duties as assigned.

Physical demands:

• Sedentary work: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.

• Sitting: Remaining in the seated position, particularly for sustained periods of time

• Walking: Moving about on foot to accomplish tasks, particularly for long distances or moving from one work site to another

• Lifting: Raising objects from a lower to a higher position or moving objects horizontally

• Carrying: Transporting an object, usually holding it in the hands or arms, or on the shoulder

• Pulling/Pushing: Using upper extremities to exert steady force upon an object so that the object moves toward or away from the force

• Bending/Stooping/Kneeling/Crouching: Bending body downward and forward by bending legs and spine, or by bending legs at knees

• Reaching: Extending hand(s) and arm(s) in any direction

• 8+ years of hands-on experience in information security related responsibilities with a strong focus on SOC engineering, incident response, and thread detection/hunting

• In-depth knowledge of IR/SOC monitoring, alerting and investigation tools platforms, process, and architecture.

• Experience working with cloud security technologies (AWS, Azure DevOps, Kubernetes, GCP, etc) including cloud log analysis, monitoring, detection, and incident response.

• Experience with SOC use of SIEM, SOAR, IDS/IPS, DLP, and Endpoint security

• Experience with third-party security monitoring solutions and providers

• Ability to effectively prioritize and execute tasks

• Ability to effectively present information verbally and in writing

• Must be able to work collaboratively in a team environment and independently

• Ability to handle sensitive and/or confidential material and information with suitable discretion

• Excellent interpersonal skills and a professional demeanor; ability to work effectively with all levels of Firm personnel and vendors

Required Education

Required:

• Bachelor’s (or Master’s) degree in information security, IT, related discipline, or equivalent experience

Preferred:

• Professional certifications such as GIAC Certified Incident Handler (GCIH); GIAC Certified Intrusion Analyst (GCIA); Certified Information Systems Security Professional (CISSP)