About The Position
As a SecOps Engineer, you will own escalated alerts and notifications and the communication around them. You will carry out incident response activities, including incident tracking, communication with stakeholders, remediation and recovery actions, and reporting. You will use security controls, policies, threat intelligence, indicators of compromise (IOCs), detection rules, and procedures to determine the scope and origin of an attack. The SecOps Engineer focuses on mitigation, recovery, and remediation once an attack has occurred. You will be expected to have knowledge of cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors, and to be able to read incident reports and determine what additional action and response activities are required to resolve an incident.
Responsibilities
- Monitor, manage and configure SIEM and other security tools.
- Prioritize alerts or issues, and perform triage to confirm a real security incident has taken place.
- Receive incidents and perform deep analysis; correlate with threat intelligence to identify the threat actor, nature of the attack and systems or data affected. Decide on a strategy for containment, remediation, and recovery and act on it.
- Support/develop reports during and after incidents, including all actions taken to properly mitigate, recover and return operations to normal.
- Support forensic investigators and application security analysts in reactive and proactive threat hunting engagements.
- Perform endpoint, network, and log analysis.
- Work with SIEM Engineering and other security partners to develop and refine correlation rules.
Requirements
- 3+ years of relevant work experience in a SOC, including advanced event analysis using SIEM tools.
- Formal cyber security certification (e.g. CISSP, CEH, CHFI) is an advantage.
- Advanced knowledge of TCP/IP protocols; experience operating and implementing various technical security solutions.
- Demonstrated proficiency in the Incident Response Process as well as threat hunting, malware analysis, and cyber forensics.
- Good understanding of system log information, and knowledge of how to collect the specific data/attributes an incident requires (host, network, cloud, etc.).
- Good understanding of and experience with macOS and Linux operating systems.
- Moderate experience with scripting (such as Python).
- Moderate protocol analysis experience (Wireshark, Netwitness, etc.).
- Moderate knowledge and experience with cloud technologies (Amazon, Azure).
- Advanced knowledge of forensics, malware assessment, and threat intelligence.
- White-hat hacker certification or training is a major advantage.
This job description is not designed to cover or contain a comprehensive listing of all activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Fireblocks is an E-Verify employer.