TUV Rheinland OpenSky is looking for a Security Operations Center (SOC) Analyst III-SME to work in the Security Operations Center (SOC) unit. The primary purpose of this position is to develop security analytics to identify threats and perform threat hunting. The analyst leads incident response, issue resolution, and the assessment and communication of security risk to the enterprise, and provides SME support to the team monitoring real-time security alerts, identifying and prioritizing potential threats. The analyst leads and supports security incident investigations, provides SME support for analyzing available data sources, security tools, and threat trends, and leads security monitoring and analysis techniques to identify attacks. The analyst creates analytics and other logic to identify attackers and defend infrastructures against advanced attacks. This position involves critical duties and responsibilities that must continue during crises and contingency operations, which may necessitate extended hours of work.
- Responsible for working in a 24x7 Security Operation Center (SOC) environment
- Develop analytics to provide monitoring of threats
- Provide SME support for analysis and trending of security log data from many heterogeneous security devices
- Lead Incident Response (IR) activities when analysis confirms an actionable incident
- Conduct threat hunting activities
- Provide threat and vulnerability analysis as well as security advisory services
- Analyze and respond to previously undisclosed software and hardware vulnerabilities
- Investigate, document, and report on information security issues and emerging trends
- Integrate and share information with other analysts and other teams
- Strong infrastructure or operations experience in UNIX/LINUX/Wintel environments
- Experience with AWS from an engineering perspective
- Experience with Identity and Access Management
- 6+ years' experience as a Security/Network Administrator or equivalent knowledge
- Extensive knowledge of various security methodologies and processes, and technical security solutions (firewall and intrusion detection systems)
- Excellent skills in understanding packet-level data/logs from Network Security Products (IDS/IPS, firewalls, etc.) and Host Security Products (HIPS, AV, scanners, etc.)
- Expert knowledge of TCP/IP Protocols, network analysis, and network/security applications
- Expert knowledge of common Internet protocols and applications
- Expert understanding of regular expressions and at least one common scripting language (Perl, Python, PowerShell)
- Ability to multi-task, prioritize, and manage time effectively
- Strong attention to detail
- Strong collaborative skills and proven ability to work in a diverse global team of security professionals
- Strong organizational skills
- Strong English verbal and written skills
- Excellent interpersonal skills
- Experience with Sumo Logic
- Bachelor's degree in a related field or equivalent demonstrated experience and knowledge
- 6+ years' experience as a Security/Network Administrator
- Technical Security Certifications - GCIA, GCIH, EC-Council or other related certifications preferred