Security Operations Center (SOC) Team Lead

Bechtel

Glendale, AZ

Less than 5 years

Posted 188 days ago

Security Operations Center (SOC) personnel duties include but are not limited to:

  • Assist with handing out work assignments to junior team members
  • Provide coaching and feedback to maintain high standards of performance
  • Coordinate and escalate issues to the Incident Response team
  • Provide detection and response to security events and incidents within the Bechtel Enterprise Network
  • Thoroughly investigate security alerts generated by our detection mechanisms (IDS, user reported, custom alerts, etc.)
  • Utilize industry standard network and host forensic tools in order to fully understand the scope of an incident
  • Work the full ticket lifecycle
  • Handle every step of the alert, from detection to remediation
  • Handle user reported cases of potential phishing and spear phishing campaigns
  • Research and analyze a wide variety of commodity and APT based malware and techniques
  • Search our existing infrastructure for signs of malware and malicious events not detected by our existing security controls
  • Help develop, implement, and maintain SOC policies, processes and procedures


Why Bechtel SOC?

  • Use of bleeding edge tools and analysis techniques
  • Opportunity to work with some of the best-in-the-industry Incident Response personnel
  • Great learning environment; continued learning is encouraged and supported


As a SOC Team Lead, you will be working with enterprise forensic capable systems, log analysis systems, and network collection systems to facilitate response to incidents on a global scale. You will work with industry respected malware, network, and Incident Response analysts to coordinate a best in class response to computer related incidents.

Basic Qualifications:

  • 2+ years of experience in a security or incident operations role
  • 2+ years of experience leading a team
  • At least 2 years of experience and working knowledge of live forensics tools such as EnCase Enterprise, Mandiant Intelligent Response, Google Rapid Response, and/or FTK Imager
  • Bachelor's degree in Information Technology or 12 years of experience
  • Must be a United States citizen


Required Skills:

  • Strong analytical, documentation, and communication skills
  • Experience with SIEM (Security Information and Event Management) tools such as ArcSight or Splunk
  • Understanding of network traffic tools, techniques and analysis
  • Understanding of host forensics tools, techniques and analysis
  • Understanding of malware reverse engineering tools, techniques and analysis
  • Understanding of IDS & IPS technologies, both signature and behavior based
  • Understanding of Windows event log analysis
  • Experience with trouble ticketing and change management tools


Preferred Skills:

  • Excellent written and oral communication skills
  • Scripting/coding experience in Python, C, JavaScript, etc.
  • SANS Certifications, ideally GCIH, GCFE, GREM, GCFA
  • Advanced knowledge of Host Forensics, Malware Reverse Engineering, or Network Forensics
  • Knowledge of Regular Expressions
