CyberSecurity Operations Center Engineer 2 remote virtual home office
Role details
Job location
Tech stack
Job description
The CyberSecurity Operations Center Engineer 2 monitors hardware, software and network firewalls, intrusion detection systems, EDR systems, Email threat detection platforms, Cloud SIEM, etc. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Evaluates information security configurations when intrusions have occurred and monitors the effectiveness of implemented changes. Responsible for resolution of initial triage and incident response to security alerts. Makes decisions regarding own work methods, occasionally in ambiguous situations, and requires minimal direction and receives guidance where needed. Follows established guidelines/procedures.
Requirements
Bachelor's Degree
2 years of incident analysis, security architecture, malware research, SOC, or any other similar incident response experience.
Fundamental understanding of security tools such as SIEM, IDS/IPS, web proxies, DLP, CASB, SIEM, DNS security, DDoS protection, and firewalls
Fundamental understanding of cloud security and responding to cloud alerts/events
Knowledge of NIST and MITRE ATT&CK security frameworks
Knowledge of Microsoft Windows systems including active directory and Unix systems
Experience analyzing and inspecting log files, network packets, and any other security tool information output from multiple system types
Familiar with basic reverse engineering principles and understand of malware, rootkits, TCP/UDP packets, network protocols
Team-oriented and skilled in working within a collaborative environment
Ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment
Required flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency
Experience with technical analysis of email headers, links, and attachments to determine if an email is malicious, and then executing remediation techniques to protect the environment
Preferred Qualifications
One or more of the following certifications are recommended: CompTIA Security ; CompTIA Network ; Information systems Security Professional (CISSP); SANS-GIAC certification (Security Essentials/GCIH, GCED, GCIA, GNFA); EC-Council (CEH)
Solid written and communication skills with the ability to present ideas in business-friendly and user-friendly language
Proven problem-solving abilities
Willingness to acquire in-depth knowledge of network and host security technologies and products (such as endpoint, network, email security) and continuously improve these skills
Ability to clearly and concisely document and explain technical details (e.g. experience documenting incidents, technical writing, etc.)
Collaborate with peers and multiple teams to identify improvements and identify areas for tuning use cases or signatures to enhance monitoring value
Participate in technical meetings and working groups to address issues related to malware, threats, vulnerabilities, and cybersecurity preparedness
**Looking for and experienced candidate with a SOC background that thrives in a 'startup environment'. Humana is currently refining their SOC procedures, maturity, and capabilities. A strong experienced candidate will really have a major impact in the SOC strategy, team design, and technological considerations.