Nclose Pty Ltd.

Mid Level Response Engineer

Nclose Pty Ltd., Raleigh, North Carolina, United States


Are you an experienced cybersecurity professional with a passion for Blue Teaming? Do you thrive on mentoring others and tackling complex security challenges? If so, we want to hear from you!

At Nclose, our Managed Detection and Response (MDR) Team is expanding rapidly, and we're seeking skilled and motivated mid to senior-level SOC Analysts to join us. You'll play a key role in guiding and supporting our juniors and interns, while also diving into the more intricate aspects of cybersecurity that keep our clients secure.

This is a fantastic opportunity for someone looking to advance their career in cybersecurity, particularly within the Blue Team arena. You'll be at the forefront of responding to and investigating malicious activity, triaging alerts, and helping customers navigate security incidents.

We pride ourselves on our vibrant company culture and offer a hybrid/remote work policy that supports a healthy work/life balance. We're open to candidates from other provinces, so if you're ready to be part of an innovative, growing team that values mentorship, continuous learning, and cutting-edge technology, Nclose could be the perfect fit for you.

In return, we offer exceptional career growth opportunities, ongoing training, and a supportive environment where every day brings new challenges and learning experiences. Once settled in, you'll be part of a well-structured roster designed to maintain your work/life balance.

Responsibilities

Incident Response:
- Triage security alerts to assess whether additional investigation is required.
- Conduct thorough investigations to identify the root cause of incidents, collaborating with team members or escalating when necessary.
- Ensure that incidents are communicated clearly and timeously with clients for effective resolution.
- Operate as part of a shift-based team, working collaboratively to provide continuous security monitoring and response.

Process Improvement:
- Regularly review and update incident response procedures to enhance efficiency and effectiveness.
- Establish close alignment with the Detection team to analyse alert trends and refine detection rules to minimise false positives.
- Proactively hunt for potential threats, using advanced techniques to uncover hidden risks before they escalate.
- Assist the Incident Response Team Leader in streamlining response workflows through automation, orchestration and/or other innovative methods.
- Establish methodologies to ensure that the alert queue is triaged effectively, allowing appropriate actions to be taken on security incidents.
- Assist in cybersecurity incidents, providing support that will help determine root cause.
- Identify and document vulnerabilities in client systems during investigations, contributing to ongoing improvements in security posture.
- Assist with critical incident report writing.

Client Communication:
- Maintain clear, professional communication with clients throughout the incident lifecycle, ensuring transparency and client satisfaction.
- Promote best practices within the team to consistently achieve positive outcomes for clients and stakeholders.

Requirements

Experience:
- A minimum of 2 - 4 years of experience in cybersecurity, particularly in a technical role within a SOC, CSIRT, or similar environment.
- Experience conducting security-related log investigations using various log sources and security products.
- Solid understanding of networking, with a focus on understanding network-related attacks.
- Familiarity with SIEM technologies such as Splunk, QRadar, Elastic Stack, or equivalent.
- Knowledge of the attack chain and critical incidents; experience with Digital Forensics and Incident Response is beneficial.

Education:
- A bachelor's degree in Computer Science, Information Technology, or similar credentials is highly advantageous.
- Relevant certifications such as Security+, PenTest+, Blue Team Level 1 or similar credentials are highly advantageous.

Skills and competencies:
- Strong analytical skills, with the ability to assess and mitigate cybersecurity risks.
- Proficient in operating systems and malware analysis, with an understanding of attack vectors and incident management processes.
- Excellent written and verbal communication skills, with a focus on clear and effective client communication.
- Proficient in troubleshooting at both network and application levels.
- Ability to identify patterns and recognise key details surrounding incidents.
- Adaptable and open to taking on dynamic responsibilities in a collaborative team environment.

Key Attributes:
- Detail-oriented, with a systematic approach to cybersecurity operations.
- Flexible and open to change in a fast-paced environment.
- Passionate about IT and cybersecurity, with a commitment to continuously learn and grow professionally.
- Effective communication, particularly written communication, ensuring clarity and precision.
- Broad understanding of IT systems, with any areas of specialisation considered an asset.
