Role responsibilities:

• Review security-related events and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information in order to provide clients with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations
• Provide customers with understandable context around their security environment and threats
• Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value
• Work with client and internal Secureworks incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents
• Provide mentorship to Secureworks team members and clients on security strategy, tactics, techniques, and procedures
• Use the Secureworks platform to proactively hunt for and investigate activity within the client environment
• Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of indicators of compromise
• Act as first point of coordination for escalations coming on shift directly from customers via chat, tickets, investigations, (with support from manager)
• Act as shift coordinator by prioritizing the tasks, activities, internal and external client’s requests
• Provide support for all other teams involved in the delivery of the service whenever they have questions or requests from customers.
• Collect and validate flows/processes/tools issues reported by his shift and present them to the manager
  Involve in technical assessments, coaching and/or development of training programs for the team members
• Tracking and reporting of KPIs

Requirements

Experience, Skills and Abilities

Significant experience with and expert understanding of:

• Two (2) or more of the following operating systems (Windows, Linux, Mac OS) at a filesystem level
• Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.)
• Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.)

Experience with and strong understanding of:

• Performing both endpoint and network-based investigations
• Reviewing logs to identify evidence of past intrusions
• Pivot off indicators within networks to identify the scope and breadth of attacks
• Malware and exploit kit functionality
• Operating system and application exploits
• Lateral movement, living-off-the-land, and persistence establishment mechanisms
• Detection of anomalous system activity
• Threat hunting methodologies
• Incident response and incident handling processes
• Skills and/or abilities required to perform the essential functions of the job
• Ability to research and characterize security threats including creating appropriate countermeasures
• Ability to write scripts to automate new and existing tasks
• Strong technical communication skills, both written and verbal
• Attention to detail and great organizational and time management skills
• Excellent problem solving skills that would allow for the ability to diagnose and troubleshoot technical issues
  Client-focused with a passion for delivering service excellence
• Courage and willingness to challenge conventional wisdom
• Great leadership and coaching skills
• Communication – The ability to make himself well understood by others through the capacity to clearly and convincing express his point of view, to actively listen and control the conversation flow)
• Risk assessment and decision making -The ability to analyze within reason facts and situations, decision making, evaluating consequences of others and undertake acceptable risks
• Influencing – the ability to convince others of his opinions and determine them to follow
• Task management and planning – The ability to effectively set an adequate action plan for himself/herself and for others, in order to reach a goal
  Strong sense of urgency and ability to work under pressure
• Possess high standard of integrity and confidentiality

Education/Experience

• 5 + years of relevant experience or equivalent combination of education and work experience:
• Completion of a Bachelor’s degree or equivalent program in Computer Science, Network Security, Information Security or other applicable field and 5+ years of work experience in the field

Certifications

• Industry certification from vendors: ISC2, GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Unix, Microsoft, Oracle, etc. (eg: GCIA, GWAPT, GCIH, GCFA/GCFE, GREM, OSCP/OSCE, eLearn THP or similar certification preferred)

Language

• English – Very strong verbal and written skills