Reference Number: MM043349
Job Description: ***Must be US Citizen, Green Card, or EAD***
SOC operations, task and project management to build out a security operations function consisting of shifts of tier 1 security operations analysts.
- Day-to-day security event monitoring and device-oriented activities in the SOC, with guidance on short-term projects (upgrades, migrations and implementations) carried out by the tier 3 and 4 staff.
- Services monitored and delivered include, but are not limited to, SIM, IDS/IPS, firewall, web content filtering, proxy, and security event correlation and reporting, with escalation to the appropriate Tier 2 incident handling staff or other relevant parties to determine whether risk to the client has increased.
- Manage the enterprise IT perimeter monitoring and scanning infrastructure, and assist in communicating the integrity and posture of the security infrastructure to applicable MM Computer Emergency Response Team personnel and/or management.
- Establish processes to monitor and analyze the output of the various security perimeter monitoring devices and to recommend security actions per procedure where required.
- Establish processes to review/audit mixed Unix and Microsoft Windows environments, including network devices, databases, web services, and enterprise applications.
- Coordinate with the Infrastructure Support team to maintain and troubleshoot the integrity of the defense perimeter and its monitoring.
- Develop processes, policies and procedures consistent with standards and industry best practices.
Experience Level: 5+ Years
Requirements: ***Must be US Citizen, Green Card, or EAD***
Required Skills, Knowledge and Experience:
- Bachelor's degree or equivalent experience, and a minimum of 8 years of applicable work experience.
- 5+ years of experience in information security incident response and operations management.
- Conversant with security concepts and techniques.
- Demonstrable knowledge of networking (TCP/IP, topology, and security), operating systems (Windows/UNIX), and web technologies (Internet security).
- Ability to read and understand system data, including, but not limited to, security event logs, syslogs, and firewall logs.
- Hands-on experience with various security products and tools such as firewalls, IDS/IPS (network and host-based), VPNs, VLANs, routers, switches, Snort, tcpdump, Wireshark and Nmap.
- Able to analyze forensic data from system and network security compromises and to work within the incident management life cycle.
Additional Experience/Skills, considered a plus:
- Traditional network monitoring experience (packet/protocol analysis)
- Hands-on administrative experience with major operating systems
- CISSP, GCIH, other GIAC certifications or similar