IAM (regular)
Cloud security (regular)
SIEM (regular)
Network Security (regular)
Endpoint (regular)
Data security (regular)
Vulnerability Management (advanced)
Threat hunting (advanced)
Due to organizational growth, our Client is looking to hire an experienced Lead CyberSOC Engineer to act as the third level (L3) of support in the Group.
The world's largest oilfield services company
New position - 100% remote - B2B employment
ABOUT THE EMPLOYER
Our Client is a technology company that partners with customers to access energy. They provide leading digital solutions and deploy innovative technologies to enable performance and sustainability for the global energy industry.
With expertise in more than 120 countries, they collaborate to create technology that unlocks access to energy for the benefit of all.
JOB DESCRIPTION
Conducts network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection / prevention systems (IDS / IPS), firewalls, host-based security systems (HBSS), etc.
Correlates network activity across networks to identify trends of unauthorized use.
Research emerging threats and vulnerabilities to aid in the identification of incidents.
Analyze the results of the monitoring solutions, assess, and correlate the output using automated systems.
Conduct triage, event correlation, classification, and analysis of these events such that incidents are investigated and logged or followed up using the existing information risk incident management processes.
Provide pro-active feedback which will enable improvement of the current monitoring rules, based on information and knowledge / experience from the Corporate and Industry best practices.
Capable of working unsupervised, but able to interact with and give direction to business and IT (Information Technology) teams in line with established corporate security policies and processes.
Develops and maintains constructive and cooperative working relationships with team members.
Demonstrates the ability to drive creative, innovative ways to solve problems or minimize risk.
Consultative skills and ability to work cross-functionally.
Focused and results oriented.
Ability to react quickly, decisively, and deliberately in high-stress, high-impact situations.
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
CANDIDATE'S PROFILE
Certifications (1 or more of the following) :
SANS (SysAdmin, Audit, Network, and Security) GIAC (Global Information Assurance Certification) certification in Cyber Defense, Penetration Testing, Incident Response or Forensics
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
EC-Council certification : CEH (Certified Ethical Hacker), ECSA (Certified Security Analyst), CHFI (Computer Hacking Forensic Investigator), CND (Certified Network Defender)
Cisco Certified Network Associate (CCNA)
Required skills :
In-depth knowledge of most of the skills listed in the Technical Skill section
Ability to perform basic malware reverse engineering
Ability to perform memory analysis using tools such as Volatility or Rekall
Leverage forensic tools such as FTK, X-Ways, SIFT as part of an investigation
Use both internal and external threat intelligence to build threat detections and provide data enrichment
Threat Hunting
Evaluate tools / solutions for investigation and IR (Incident Response)
Ability to write scripts and automate routine tasks
Conduct security gap analysis assessments, penetration testing / red-team assessments, and vulnerability assessments to identify security vulnerabilities
Maintain and employ a strong understanding of advanced threats, continuous vulnerability assessment, response and mitigation strategies used in cybersecurity operations
Mentor T1 and T2 analysts
Technical Skills :
Data Security
Data Loss Prevention tools, (e.g., AIP (Azure Information Protection), IRM (Information Rights management))
Endpoint
Antivirus solutions (e.g., Microsoft Defender)
Strong Windows and Linux administration experience
Information Security tools & packet analysis tools (e.g., Cb, Wireshark)
OT / IIoT Security
Awareness of SCADA (Supervisory Control and Data Acquisition) / IIoT (Industrial Internet of Things) technologies
Network Security
Firewall (e.g., Palo Alto Networks)
Internet Protocols and Services (e.g., TCP / IP, FTP (File Transfer Protocol), HTTPS, SSH (Secure Shell))
Intrusion Detection (e.g., IDS / IPS tools)
Network scanning tools (e.g., NMAP)
Networking infrastructure (Cisco is preferred)
Information Security tools & packet analysis tools (e.g., Cb, Wireshark)
Security Event Monitoring and Analysis
Log analysis / Windows event analysis
Security Information and Event Management (SIEM); Chronicle and Splunk are preferred
Compliance and Audit
Fair understanding of the NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF)
Vulnerability Management
Vulnerability Testing tools (e.g., Qualys, Kali)
Scripting / Automation
Programming / Scripting tools (e.g., Python, Bash, PowerShell, YARA-L)
Incident Response - Security Risk
Strong troubleshooting and root cause analysis skills
Cyber outbreak management and the ability to differentiate malicious activity from directed attack patterns
Application Security
Fair understanding of threat modeling
Cloud Security
Cloud experience (e.g., Azure, GCP (Google Cloud Platform), AWS (Amazon Web Services), Yandex, G42)
Forensics
Malware analysis and memory analysis
Network and Host forensics
Threat Intel
Experience in analyzing threat intel feeds.
Email security
Phishing detection tools (e.g., Proofpoint TRAP, CLEAR)
Identity & Access Management
Azure Active Directory
Cloud Access Security Broker (CASB)
Federation
Conditional Access
Zero Trust
Project Management
Basic project management experience
Common Technical Skills
SharePoint and PowerBI experience are an advantage
YARA-L, PowerShell or Python coding experience is an advantage
OFFER :
Fully remote working conditions;
Opportunity to travel the world for business reasons;
High standards of IT operations and company culture;
Experience in global leader within its sector;
International team.