L3 SOC Analyst managing security escalation cases using threat intelligence at Hewlett Packard Enterprise. Focused on cybersecurity incidents and team mentorship in a hybrid environment.
Responsibilities
Monitor work queues for new escalations from the L1/L2 team.
Triage cases when there are multiple escalations in the queue.
Perform deep-dive analysis on escalated cases.
Use threat intelligence and IOA/IOC data to identify the source and impact of an attack.
Clearly document your investigations as they progress and regularly add case notes to maintain situational awareness.
Complete the investigations and recommend remediations for low and medium severity security incidents.
Initiate a war room for confirmed or suspected critical security incidents and follow the documented incident response plan.
Complete Post Incident Review (PIR) documentation for all medium and higher severity security incidents.
Monitor work queues for new cases requiring review.
Triage case reviews as required.
Review cases completed by L1 analysts for quality, accuracy, and completeness.
Immediately investigate any case you suspect to be a true security incident falsely closed at L1/L2.
Provide feedback, guidance and mentoring to L1/L2 analysts where appropriate to improve their initial investigation skills.
Recommend exceptions or changes to detection rules to reduce false-positive detection.
Time permitting, perform proactive reviews of open and acknowledged events currently being triaged by the L1 team.
Assist the peer L3 team in scheduled threat hunting activities.
Develop queries or other methods for detecting new or previously undetected exploits, tactics, and techniques. Work with the Engineering team to implement these detections.
Maintain situational awareness by being aware of new and emerging threats, including vulnerabilities, threat actors, tactics, and techniques.
Requirements
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience, desired.
Generally, 5+ years in SOC, Incident Response, or Threat Analysis roles.
Strong knowledge & understanding of common attack vectors and threat actor tactics, techniques, and procedures.
Knowledge of Elastic SIEM is preferred; if not, experience with one of the other SIEM tools such as Sentinel, Splunk, QRadar, or LogRhythm.
Relevant industry qualification where applicable.
Excellent verbal and written communication skills in the language to be supported.
Advanced troubleshooting skills in a technical environment.
Excellent analytical and problem-solving skills.
Advanced software and hardware knowledge of computing, storage, and peripheral devices.
Knowledge of multiple product lines (for example, proactive, reactive, storage, enterprise systems, tier 2 or 3 support, etc.).
Advanced proficiency with case management databases and tools.
Benefits
Health & Wellbeing: comprehensive suite of benefits that supports physical, financial and emotional wellbeing.
Personal & Professional Development: programs catered to helping you reach any career goals you have.