What are the responsibilities and job description for the SOC Engineer position at ABACODE INC?
Job Details
Description
Job Summary:
The SOC Engineer will develop and implement security solutions, which include providing operations and engineering support for endpoint security, threat detection, inspection, monitoring and response (EDR), peripheral protection, security event management and response, and the mitigation of these security incidents. The SOC Engineer will evaluate system security configurations and perform root cause analysis to determine how to provide cybersecurity services that satisfy the client organization's mission and requirements. The SOC Engineer acts as the technical lead for all SOC and SIEM tools.
Duties/Responsibilities:
- Analyzes, designs, deploys, and configures the SIEM platforms and associated appliances and sensors.
- Provisions physical and virtual sensors for the SIEM platform.
- Responsible for SIEM security design, technical data gathering, implementation planning, and actual implementation of the SIEM monitoring platform.
- Assists client in instrumenting systems to report proper level of logging to the SIEM platform.
- Develops Windows GPOs to capture the necessary Windows security events for special cases.
- Assists client in the implementation of network port mirror and network IDS (NIDS) functionality of the monitoring platform.
- Implements best practices in the collection of security events from complex network environments.
- Manages system deployments, upgrades, ongoing maintenance, and operations.
- Deploys cloud sensors to enable monitoring for cloud systems such as Azure, AWS, and Google Cloud.
- Creates/updates scripts for clients to use in their environment to provision event logging for the SIEM.
- Configures aggregation of logs for SaaS systems.
- Provides Tier 3 support to SOC Analyst personnel when needed.
- Supports, maintains, and enhances the SOC infrastructure over time.
- Develops and maintains deployment and technical documentation.
- Assesses new SIEM, AI, and other monitoring technologies.
- Develops and updates deployment project plans in the PMO project management platform.
- Coordinates deployments with the PMO Director.
- Provides occasional off-hours support for planned maintenance work and unplanned support issues.
- Supports SOC business continuity and disaster recovery efforts.
- Performs other related duties as assigned.
Supervisory Responsibilities:
This position has no direct supervisory responsibility.
Qualifications
Education, Experience, Basic Qualifications:
- Bachelor’s degree in Information Technology, Cybersecurity, Engineering, or related field preferred.
- Strong understanding of network configurations.
- SIEM Management/Configuration Experience and/or certified in at least one of the SIEM or XDR platforms supported by Abacode.
- Ability to troubleshoot and remediate complex SIEM connectivity issues.
- Understanding of Cloud Systems (Azure/AWS).
- Strong understanding of cybersecurity principles.
- Great verbal and written communication skills.
Physical Requirements:
Able to communicate information and ideas so others will understand. Must be able to exchange accurate information in these situations. Able to observe details at close range. Must be able to remain in a stationary position most of the time. Occasionally required to lift/push/carry items less than 25 pounds.
Expected Hours of Work:
This position is intended to be full-time, 40 hours/week.
Travel:
Little to no travel is expected for this position.
Other Duties:
Please note that this job description is not designed to cover or contain a comprehensive list of activities, duties, or responsibilities that are required of the employee for this position. Duties, responsibilities, and activities may change at any time with or without notice.