NopalCyber

SOC - L3

Job Description

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real time. Our service packages, each tailored to a client's needs and budget, and our external threat analysis, which provides critical intelligence at no cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

We are looking for a proven, high-energy, results-oriented SOC professional who will be a key resource for our clients, analyzing business requirements to design and assist in implementing SOC solutions that fit their needs.

Job responsibilities:

  • Monitor, analyze, and interpret security and system logs for events, operational irregularities, and potential incidents, and escalate issues as appropriate
  • Perform monitoring and detection analysis using the available input tools and systems (SIEM, IDS/IPS, firewalls, EDR, etc.)
  • Conduct basic red team exercises to test the effectiveness of preventive and monitoring controls
  • Provide support for complex system/network exploitation and defense techniques, including deterring, identifying, and investigating system and network intrusions
  • Support malware analysis, host and network log analysis, and triage in support of incident response
  • Maintain and improve the deployed security technologies, including creating use cases and customizing or better configuring the tools based on past and current threats
  • Monitor the threat/vulnerability landscape and security advisories, and act on them as appropriate
  • Continuously monitor the security alerts and escalation queue and triage security alerts
  • Monitor and tune the SIEM (content, parsing, maintenance)
  • Monitor cloud infrastructure for security-related events
  • Deliver scheduled and ad-hoc reports
  • Develop and coach L1 analysts
  • Author Standard Operating Procedures (SOPs) and training documentation
  • Work the full ticket lifecycle; handle every step of the alert, from detection to remediation
  • Generate end-of-shift reports for documentation and knowledge transfer to the analysts on the next shift
  • Perform threat-intel research, learn new attack patterns, and actively participate in security forums

Job specifications:

Qualification:

  • Bachelor's degree in Engineering or closely related coursework in technology development disciplines
  • Certifications like CISSP, CEH, CISM, GCIH, GCIA are desirable
  • Experience with the following or related tools: SIEM tools such as Splunk, IBM QRadar, Securonix; case management tools such as Swimlane, Phantom, etc.; EDR tools such as CrowdStrike, Sentinel, VMware, McAfee, Microsoft Defender ATP, etc.; network analysis tools such as Darktrace, FireEye, NetWitness, Panorama, etc.

Experience:

  • 5+ years of SOC-related work experience

Desired Skills:

  • Full understanding of SOC L1 responsibilities/duties and how they feed into L2/L3; the ability to take the lead on incident research when appropriate and to mentor junior analysts
  • Advanced knowledge of TCP/IP protocols and event log analysis
  • Strong understanding of Windows, Linux, and networking concepts
  • Experience analyzing both log and packet data, including the use of Wireshark, tcpdump, and other capture/analysis tools
  • Good understanding of security solutions including SIEMs, web proxies, EDR, firewalls, VPN, authentication, encryption, IPS/IDS, etc.
  • Functional understanding of cloud environments
  • Ability to conduct research into IT security issues and products as required
  • Experience working in a TAT (turnaround-time) based IT security incident resolution practice, and knowledge of ITIL
  • Knowledge of and experience with scripting and programming (Python, Perl, etc.) are also highly preferred
  • Malware analysis and reverse engineering experience is a plus

Personal Attributes

  • Self-starter and quick learner requiring minimal ramp-up
  • Excellent written, oral, and interpersonal communication skills
  • Highly self-motivated, self-directed, and attentive to detail
  • Ability to effectively prioritize and execute tasks in a high-pressure environment

More Info

Industry: Other

Job Type: Permanent Job

Date Posted: 20/11/2024

Job ID: 100986961

Last Updated: 21-11-2024 00:05:28 AM