TechnoGen
SOC Engineer/Analyst
TechnoGen, Alameda, California, United States, 94501
SOC Engineer/Analyst
Rate - Market/Flexible
Alameda, CA 94502 (Onsite)
Long-Term Contract
Essential Duties/Responsibilities Oversee the end-to-end threat management process, from initial detection and analysis to containment, eradication, and recovery. Ensure that all incidents are thoroughly investigated and documented and that lessons learned are incorporated into future threat management strategies Regularly assess the effectiveness of detection mechanisms and make necessary adjustments to improve accuracy and coverage. This includes conducting regular threat-hunting exercises to identify gaps and areas for improvement. Create and refine correlation rules within the XDR Platform (Cortex XDR) to identify complex attack patterns and reduce false positives. This involves analyzing security events and developing rules that accurately detect malicious activities. Incorporating threat intelligence feeds into the team's detection capabilities to stay updated on the latest threats and attack techniques. Use this intelligence to enhance detection rules and response strategies Utilize machine learning and behavioral analytics to identify anomalies and potential threats that traditional signature-based tools might miss. This includes analyzing user behaviors and network traffic to detect suspicious activities Regularly review and fine-tune the configurations of current security tools such as SIEM, EDR, and IDS/IPS to ensure they are effectively detecting and alerting on potential threats Work with various log sources and data feeds to enhance the visibility and detection capabilities of the team. This includes integrating logs from network devices, servers, applications, and Cloud environments Co-create and maintain playbooks to standardize and automate threat response procedures. This includes developing automated workflows to streamline incident response, reduce response times, and improve the overall efficiency and effectiveness of the cybersecurity operations team Stay current with the latest threat landscape and emerging trends in cybersecurity to proactively identify and mitigate potential security risks; Contribute to the overall information security strategy Experience
Extensive experience in Palo Alto Cortex XDR and a deep understanding and practical application of XQL queries is required Extensive experience in a SOC environment, with a strong background in threat detection, incident response, and threat hunting Experience with threat intelligence platforms and integrating threat intelligence feeds to security tools to enrich threat detection Experience in proactive threat hunting to identify and neutralize emerging threats Experience or working knowledge of cloud, network, and application security; B achelor's degree in a related discipline and 10+ years of IT/related experience or equivalent combination of education and experience CISSP, CISM, CEH, OSCP, GIAC or similar cybersecurity certification required Experience in Biotech/Pharma is a plus Knowledge/Skills/Abilities
Proficiency with SOC tools and technologies such as SIEM (Splunk), EDR (Cortex), and IDS/IPS (e.g., Snort, Suricata) Strong scripting skills (e.g., Python, PowerShell) to automate tasks, enhance detection capabilities, and develop automation through a SOAR platform Ability to configure and fine-tune security tools to maximize their effectiveness by integrating various log sources and data feeds to enhance visibility and detection Ability to work with various data sources to create high-fidelity alerting Knowledge of machine learning and behavioral analytics to identify anomalies and potential threats Ability to develop and refine correlation rules within SIEM to detect complex attack patterns, leveraging the MITRE ATT&CK framework Strong analytical skills to correlate events and make informed decisions based on data Ability to analyze user behaviors and network traffic to detect suspicious activities; establish and maintain strong relationships with security vendors Extensive knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting, and endpoint protection Outstanding judgment and problem-solving skills, including negotiation and conflict resolution Ability to work in a team environment, create timelines, and continually make necessary adjustments Excellent communication skills; Resourceful and proactive in finding innovative solutions to challenges A mindset focused on continuous learning and improvement
Thanks & Regards
Mateenuddin mateenuddin.@technogeninc.com | 571-934-3415
Rate - Market/Flexible
Alameda, CA 94502 (Onsite)
Long-Term Contract
Essential Duties/Responsibilities Oversee the end-to-end threat management process, from initial detection and analysis to containment, eradication, and recovery. Ensure that all incidents are thoroughly investigated and documented and that lessons learned are incorporated into future threat management strategies Regularly assess the effectiveness of detection mechanisms and make necessary adjustments to improve accuracy and coverage. This includes conducting regular threat-hunting exercises to identify gaps and areas for improvement. Create and refine correlation rules within the XDR Platform (Cortex XDR) to identify complex attack patterns and reduce false positives. This involves analyzing security events and developing rules that accurately detect malicious activities. Incorporating threat intelligence feeds into the team's detection capabilities to stay updated on the latest threats and attack techniques. Use this intelligence to enhance detection rules and response strategies Utilize machine learning and behavioral analytics to identify anomalies and potential threats that traditional signature-based tools might miss. This includes analyzing user behaviors and network traffic to detect suspicious activities Regularly review and fine-tune the configurations of current security tools such as SIEM, EDR, and IDS/IPS to ensure they are effectively detecting and alerting on potential threats Work with various log sources and data feeds to enhance the visibility and detection capabilities of the team. This includes integrating logs from network devices, servers, applications, and Cloud environments Co-create and maintain playbooks to standardize and automate threat response procedures. This includes developing automated workflows to streamline incident response, reduce response times, and improve the overall efficiency and effectiveness of the cybersecurity operations team Stay current with the latest threat landscape and emerging trends in cybersecurity to proactively identify and mitigate potential security risks; Contribute to the overall information security strategy Experience
Extensive experience in Palo Alto Cortex XDR and a deep understanding and practical application of XQL queries is required Extensive experience in a SOC environment, with a strong background in threat detection, incident response, and threat hunting Experience with threat intelligence platforms and integrating threat intelligence feeds to security tools to enrich threat detection Experience in proactive threat hunting to identify and neutralize emerging threats Experience or working knowledge of cloud, network, and application security; B achelor's degree in a related discipline and 10+ years of IT/related experience or equivalent combination of education and experience CISSP, CISM, CEH, OSCP, GIAC or similar cybersecurity certification required Experience in Biotech/Pharma is a plus Knowledge/Skills/Abilities
Proficiency with SOC tools and technologies such as SIEM (Splunk), EDR (Cortex), and IDS/IPS (e.g., Snort, Suricata) Strong scripting skills (e.g., Python, PowerShell) to automate tasks, enhance detection capabilities, and develop automation through a SOAR platform Ability to configure and fine-tune security tools to maximize their effectiveness by integrating various log sources and data feeds to enhance visibility and detection Ability to work with various data sources to create high-fidelity alerting Knowledge of machine learning and behavioral analytics to identify anomalies and potential threats Ability to develop and refine correlation rules within SIEM to detect complex attack patterns, leveraging the MITRE ATT&CK framework Strong analytical skills to correlate events and make informed decisions based on data Ability to analyze user behaviors and network traffic to detect suspicious activities; establish and maintain strong relationships with security vendors Extensive knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting, and endpoint protection Outstanding judgment and problem-solving skills, including negotiation and conflict resolution Ability to work in a team environment, create timelines, and continually make necessary adjustments Excellent communication skills; Resourceful and proactive in finding innovative solutions to challenges A mindset focused on continuous learning and improvement
Thanks & Regards
Mateenuddin mateenuddin.@technogeninc.com | 571-934-3415