This position is within the cybersecurity organization at Digital Maelstrom. Candidates are responsible for the timely detection and escalation of operational or security events in monitored client environments. They will work closely with other engineers, principal consultants, and various client contacts such as stakeholders, architects, business analysts, and management.
Duties
- Gather, compile, and synthesize information regarding technology and processes.
- Must possess strong interpersonal and communication skills.
- Ability to work effectively with customers to solve business challenges while balancing the need for confidentiality, integrity, and availability.
- Proven ability to work with diverse audiences and translate technical information into non-technical information.
- Commitment to fostering a diverse working environment.
- Be capable of continually improving one’s own skill set relevant to business and technical missions with oversight. Must take initiative, negotiate with project management, and execute successfully on plans.
- Able to participate in agile team practices; reflect honestly on own performance, participate in shared team accountability, recommend changes for team improvement.
- Must be able to handle sensitive information with appropriate discretion according to company policies.
- Provide frequent status updates to clients and internal stakeholders.
- Review logs and other security event data for signs of cyber threats, vulnerabilities, or attacks and escalate to senior engineers.
- Work with senior engineers to test complicated and detailed aspects of a security posture or configuration, identify deficiencies, and recommend remediation actions.
- Work with senior engineers to write manual and automated tests as part of a normal security practice.
- Operate SOC (Security Operations Center) technologies according to documented standard operating procedures, including but not limited to a Security Information and Event Management (SIEM) platform, Intrusion Detection Systems (IDS), firewalls, anti-malware solutions, and insider threat software.
- Prepare assigned reports for the SOC shift manager.
- Provide high-quality written and verbal reports as required.
- Recommend new alert rules and logic to detect events of interest for approval by security analysts.
- Assist in the design, documentation, and execution of security awareness programs.
- Participate in risk-based analysis of security controls and requirements.
- Provide technical assistance to other IT (Information Technology) functions with regards to security objectives and requirements.
- Monitor, triage, and respond to helpdesk calls, operational alerts, and tickets for clients as a first point of contact.
- Responsible for managing helpdesk ticket intake queues and responding to requests.
- Respond to alerts, events, and requests with appropriate urgency and escalate when appropriate.
- Assist clients with technical support needs.
- Manage personal tasks and prioritization including actions for ticket queues, scheduling, and communications to clients and stakeholders.
- Other duties as assigned.
Requirements
Required Qualifications
- Proficient with the computer skills needed to communicate remotely, author documents and reports, and organize work.
- Able to identify critical IT operational or security issues quickly and accurately.
- Experience supporting, using, and investigating issues on Windows, Linux, and macOS platforms.
- Understands networking fundamentals, protocols, and application behaviors as they relate to security matters.
- Self-motivated, detail-oriented, methodical, and organized to accomplish assigned tasks.
Preferred Qualifications
- A solid understanding of best practices and techniques in attacking or defending information systems.
- Experience with detection and SIEM tools and techniques (Sigma, Elastic Security, Microsoft Defender for Endpoint, etc.).
- Experience with command-line interfaces, shells, and shell scripting.
- Experience with Microsoft 365.
- Experience with secure configuration and implementation of systems.
- Cloud experience with any of AWS (Amazon Web Services), Azure, or Google Cloud.
- Bachelor’s Degree in Computer Science, Information Systems, or related field; or certification in relevant programs (CISSP, CSSLP, OSCP, GPEN, GIAC, CompTIA A+, Network+, Security+, or others); or equivalent work experience.