The Senior SOC Engineer will serve as the team leader responsible for monitoring, detection and response activities for all types of security threats, events and alerts within Guidewire's Security Operations Center for the Public Cloud-based SaaS and Corp IT environments. The role reports to the Director of Security Operations and is part of Guidewire's global Information Security group.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Lead and collaborate with the MSSP's SOC analysts to provide subject matter expertise in security threat analysis, hunting, detection and response across Guidewire's Dev, Pre-Production, Production and Corp IT environments
- Act as Guidewire's Blue Team expert to develop ingestion rules and filters in sensors / platforms / appliances as relevant, and build content for the SIEM to provide actionable contextual threat intelligence data and improve visibility and detection in the SOC
- Perform analysis, investigation and correlation of actionable security events and alerts, using network traffic analysis, net flow, IDS/IPS, SIEM and/or any other custom sensor output as it pertains to security threat intelligence, analytics and visibility
- Participate in the Security Incident Response Team (SIRT) activities, helping SIRT to detect, respond, contain and recover from security incidents in a timely manner
- Provide inputs for development of Incident Response Procedures in the form of operational run books, for the most relevant incident types
- Willingness to be on call and serve as the point of contact for information security alerts and incidents
- 5+ years of previous experience working in security operations, hunt teams, threat intelligence or incident response – Public Cloud experience required
- 3+ years of hands on experience in LogRhythm SIEM - searching and querying of raw logs, tuning of events and alerts, analysis and investigation of alerts, and writing content for LogRhythm SIEM, AIE rules etc.
- Minimum 3 years of experience running security analytics, correlation, tuning, analyzing and investigating alerts from multiple security technologies including IDS/IPS, SIEM, Network, Endpoint and User Behavior Analysis tools, Network Packet Analyzers, Log Analysis (Windows, Linux, Web Servers, FIM, NextGen Firewalls, NextGen AV, WAFs, etc.)
- 3+ years of experience leading cyber security incident resolution as an Incident Response / SOC Engineer or Analyst in an Enterprise environment, with ability to investigate and understand threat campaign(s) techniques, lateral movements, C&C communications and indicators of compromise (IOCs).
- 2+ years of hands-on experience with public Cloud platforms (AWS, Azure, GCP) with excellent understanding/working knowledge of IaaS, platforms and services (e.g. VPC, EC2, S3, RDS, AWS SDK, Lambda, AWS WAF, CloudFront, ECS, etc.)
- Experience developing and maintaining operations playbooks, run books, and the IR plans
- Advanced knowledge of the TCP/IP protocol suite, security architecture, and securing and hardening operating systems, networks, databases and web applications
- Thorough understanding of the threat and attack landscape, latest security trends, attack vectors, vulnerabilities, and how they are leveraged by malicious actors
- Security certifications such as CISSP, GSEC, GCFA, GCIH, GCIA, CHFI, AWS certifications, etc. are highly desired
- Familiarity with industry common information technology control frameworks, particularly SOC1/2, Cloud Security Alliance, and ISO 27001/2.
- Excellent verbal and written communication skills and ability to document and explain technical details and incident reports clearly and concisely
- S. degree in Computer Science or related field or equivalent combination of professional development training and experience