Why Join Cyber Defense Labs?
At Cyber Defense Labs every team member plays a role in the culture of our company. We recruit passionate individuals who are committed to excellence in support of our client partners, the communities in which we work and to each other. When you join us, you’ll have meaningful work, talented colleagues to collaborate and partner with, and a company committed to your growth and development as practitioners and leaders. We value, develop and reward our expert team members who are highly skilled in what they do and help us deliver on our mission every day.
We offer a competitive benefits package, fully covering the cost of premiums for medical, dental and vision at the Employee level. Employer paid benefits include short and long term disability, life insurance, tele- and mental health and secured garage parking when you are in the office. PTO and Flex days are available day one.
Our offices are headquartered in the desired Crescent Court area of downtown Dallas, where you'll find your favorite trendy restaurants and coffee shops literally steps away. Join us!
What does Cyber Defense Labs do?
Cyber Defense Labs is a full life-cycle information security service provider helping companies manage, detect and respond to today’s cyber risks. We provide trusted cyber risk management services to help companies reduce business risk before, during and after a cyber event.
About the role: Cyber SOC Specialist
As a Cyber Defense Labs Cyber SOC Specialist, your role on the team will include leveraging your knowledge of industry best practices, good judgment, and problem-solving skills to execute security operations. Being on the front lines of defense, the Cyber SOC Specialist is required to make sound decisions under pressure and be able to quickly adapt to any security challenge. This individual is required to pay attention to detail and be disciplined in documenting processes and procedures. The Cyber SOC Specialist will also be responsible for all requests coming into the department making sure internal and external SLAs/SLOs/KPIs are met. This role includes the support of new and existing products & services that come under the responsibility of the team.
This is a high visibility role that may include contact with Customer IT & Security support teams, management, and executives. The role holder must be highly skilled at Stakeholder and Relationship Management, planning and problem solving, possessing high levels of self-motivation and confidence.
Role Responsibilities:
- Protect CDL
- Understand and review logical and physical security controls in place at CDL, clearly articulating risks and recommendations where necessary
- Work closely with members of the Cyber SOC team to lead and perform investigations into the root cause of security events, escalating to the Cyber SOC Manager where necessary
- Provide expert-level security-related assistance to internal staff members as needed
- Adherence to all CDL company policies, processes and procedures designed & implemented to obtain and maintain any industry standard certifications (ISO27001, SOC2, etc.)
- Lead an effective incident management response effort to all security incidents, to support the CDL security strategy and policy while taking into account risks and appropriate legal, regulatory constraints
- Support the management of relationships with specific customers, suppliers and stakeholders ensuring the cost-effective provision of our portfolio of professional cyber security services
- Continuous delivery of target improvements, productivity gains and cost efficiencies
- Support incident management decision makers within the scope relevant to your role to ensure that mitigation controls and incident response are appropriate and delivered in a professional manner
- Continuous delivery of timely, operational support and a world-class customer experience to our customers across all CMSSP services, current and future.
- Provide expert level threat analysis and timely, high-quality security event/incident alerting to meet or exceed agreed SLA’s/SLO’s.
- Competent and diligent operation and incident handling across all phases of the incident lifecycle from detection to remediation & lessons learnt for all cyber security events in use by CDL and its customers.
- Work with various internal/external Cyber SOC-related stakeholders ensuring that operational stability and continuous improvement of our customers’ security posture is a driving force in all customer interactions.
- Continuous creation, review & tuning of SIEM detection and maintenance of incident playbooks
- Supporting service request intake process and communicating with requestors promptly
- Adhere and contribute to the development and maintenance of our suite of operational processes which underpin the effective management of all cyber security issues impacting CDL and/or our customers
- Build and maintain “trusted advisor” relationships with customer stakeholders through timely, effective written and spoken communication and sound security insights and recommendations.
- Become an internal subject matter expert on the environment, security posture, threat landscape and business drivers of the customers you are directly assigned to
- Proactively discover security trends and making sound security recommendations to our customers
- Be the first escalation point for Cyber SOC Tier 1 team for internal/external escalations, giving prompt attention and accurate, helpful responses
- Timely, accurate and appropriately prioritized execution of all duties related to and in alignment with company business strategy.
- Other duties and responsibilities as assigned
Standards: Professional Presentation
- Maintain a professional, business-appropriate image in the office and on video conferences
- Maintain business-appropriate level of personal hygiene and clean, uncluttered workspace
- Weekly time recording compliance and submission of metric performance
- Availability & responsiveness
- Calendar consistently up to date and use of out of office assistant & voice mail greeting
- Timely response to line management and use of annual leave and entitlement
- Strict punctuality regarding shift start time, turnovers, scheduled meetings, events and engagements
- Demonstrate due diligence & best efforts to provide advanced notice for planned time off and arrangement of shift coverage
- Approval of surplus annual leave carry over to be in line with HR policy
- Embrace Service Excellence to provide effective management across area of responsibility
- Service – Continually monitor and report performance through service metrics across area of responsibility
- Implement Continuous Service Improvement across area of responsibility and CDL Security where applicable
- Operational Service Delivery including:
- Provide technical/analyst SME expertise and recommendations to support and/or manage:
- Proactive risk management – identify issues and take personal action to mitigate or highlight the risk
- Reactive incident management – act with a sense of urgency re: business impact with clear stakeholder communication throughout
- Ability to prioritize effort and make decisions based on business impact
- Ability to engage and communicate clearly to motivate and inspire people to deliver
- Understand CMSSP business unit strategy to enable day to day priorities of effort
- Deliver required elements of the functional strategy and ensure support of the overall CMSSP strategy with a clear plan of action for area of responsibility
- Cultivate the professional standards & capability personally and within functional area
- Effective Stakeholder Management including direct customer contact where appropriate
- Take a structured and consistent approach to problem solving ensuring that the role holder takes responsibility for issues and manages through to conclusion
- Adherence to all company policies
Role Qualifications- Essential Skills and Experience:
- Passion and enthusiasm for Cyber Security
- MUST HAVE 5 years’ experience of working in a high-performance Cyber SOC team in a cyber-security focused organization serving large scale enterprise customers.
- Proven experience with an enterprise-grade SIEM platform (e.g. LogRhythm, AlienVault, ArcSight, QRadar, McAfee, Securonix, Exabeam)
- Experience in high volume environments handling millions/billions of records per day
- Proven experience in Security Event analysis & triage, incident handling and root-cause identification
- Proficiency in TCP/IP and other network protocols
- Proven experience in performing active Threat Hunting including planning, execution, and reporting.
- Specialty in one or more of the following Information Security domains:
- Cyber Intelligence Analysis, Threat Monitoring, Incident Response, Threat Hunting, Machine Learning & Artificial Intelligence, Malware Analysis, Computer Forensics, Endpoint Protection, Network Security, Infrastructure Security, Application Security, Platform Security, Identity & Access Management, Security Education & Awareness, Vulnerability Scanning & Management, and Compliance & Risk Management
- Experience with Red/ Blue team exercises
- Excellent verbal and written communication skills
- Related experience w/stakeholder management & good interpersonal skills
- Operations knowledge and experience in risk management
- Effective Communication- verbal, report writing & presentations skills
- Innovation and creativity with problem solving skills
- Excellent team skills, a "can do, let's get it done" attitude is crucial.
- Excellent time management, report writing and presentation skills
- Hold or can obtain appropriate level of security clearance where required
Bonus Skills:
- Elastic Stack (ELK) experience, Bro, Fluentd and Powershell experience
- experience
- Ability to write and understand scripts in languages such as Python, Ruby, Bash, etc
- Ability to write and understand complex regular expressions (PCRE)
- Event Detection tools (e.g. FireEye, Palo Alto, Fortinet, Carbon Black, Cylance)
- Experience with 'big-data' platforms such including Hadoop, HDFS, Apache Spark etc.
- IDS/IPS (e.g. TippingPoint, Sourcefire, Snort, Suricata)
- Security related certifications, for example CISSP, GCIH, CEH, OSCP, Security
- An undergraduate or higher degree in computing with a strong security component
Education :
- College Degree in Cyber Security or Information Technology or equivalent work experience
- Certifications like Network and Security
Must pass criminal background and drug test. Must also be able to work in the US without sponsorship now or in the future.