We are looking for a Security Operations Center Engineer and Cyber Defense Incident Responder (5+ years of experience).
The office is located in Tel-Aviv and the role is daily shifts 5 days a week (no night shifts).
This is an analyst position for someone with about 5 years of experience (with the possibility of becoming a leader/team leader), providing SIEM/SOC services for a classified security project.
A valid level 3 security classification is required, or one that has been valid within the past two years.
Responsibilities:
Develop and implement a SIEM solution.
Develop content for a complex and growing SIEM infrastructure.
Monitor SIEM and other event sources, assess, prioritize, escalate, and manage security alerts.
Perform analysis of security, network, database and application logs, correlate events and activities to create threat scenarios, in order to get ahead of threat actors and reduce exposure.
Lead the imminent threat/zero-day response function across the environment.
Translate threat intelligence into actionable security controls across tools such as firewalls, IPS and malware detection, spanning multiple security vendor platforms.
Track and resolve security incidents on a regular basis, collaborate with other teams for resolution, and suggest areas for improvement.
Continuously fine-tune our security solutions to reduce the occurrence of false positive and false negative alerts.
Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
Perform cyber defense trend analysis and reporting.
Perform initial, forensically sound collection of images and inspect them to discern possible mitigation/remediation on enterprise systems.
Write and publish cyber defense techniques, guidance, and reports on incident findings.
Qualifications:
A minimum of 5 years' experience in Security Operations or a similar role.
Experience in a Managed Services role.
Experience as an incident responder.
Threat hunting experience.
Experience with tools and technologies such as ELK stack, Sigma, Velociraptor, Sysmon, osquery, TheHive.
Working knowledge of industry best practices such as HIPAA, PCI-DSS, and NIST.
Experience working with email platforms such as O365, G Suite, and Exchange.
Deep familiarity with diverse security controls and monitoring, with the ability to analyze malicious files.
Familiarity with offensive security, including knowledge of diverse attack methods and techniques.
Advantage – military experience in the field of cybersecurity.