Cyber Security Engineer

Massachusetts - Onsite
This project has been archived and is not accepting more applications.

Description

  • The SOC Security Specialist's main objective is to contribute, following a multidisciplinary approach, to the key SOC operational tasks: threat intelligence, engineering, monitoring and response.
  • SOC Security Specialists integrate into a multidisciplinary pool of resources with the ability to perform in several cross-functional aspects of Security Operations, all of which are equally needed to deliver a proactive and avant-garde cyber defensive capability.
  • SOC Security Specialists work in a close teaming approach with other SOC specialists and involve other Subject Matter Experts when necessary.
  • Following business and operational efficiency principles, proactive and performance-oriented activities are performed. This involves (analytical) activities to enable intelligence gathering and usage, the ability to engineer and implement engineering requirements, and the ability to perform in the triage processes (detection and response).

Typical outputs from the SOC Security Specialist function are:

  • Integration and enhancement of the cyber threat intelligence
  • Solution engineering, use case development and technical architecture
  • Event triage and response
  • Focused forensic investigations
  • Delivery of performance indicators for the different SOC areas
  • Support and escalation point for other functions

Your Challenge

The SOC Specialist is expected to be able to deliver value in the following areas of expertise:

  • Threat Intelligence:
    • Discovers, analyzes and prioritizes new threat intelligence sources
    • Integration of intelligence feeds into the operational processes
  • Engineering:
    • Develops content, such as scripts, use cases for SIEM, queries for log management, connectors for security technology or automated data gathering for forensics.
    • Creation of overall situational awareness, combining outputs to be further used by the SOC
  • Detection & Response:
    • Perform anomaly detection and malware hunting
    • Manage security incidents to conclusion
    • Perform forensic investigations

A snapshot of your responsibilities includes:

  • Deliver value in Threat Intelligence: create situational awareness, integrate and fuse intelligence from different sources, proactively determine if new sources are available, improve the intelligence capability;
  • Execute solution engineering and technical architecture: Integrate security technologies, maintain the security tooling, create and implement content, troubleshoot SOC tooling, create and optimize SOC workflows;
  • Perform advanced threat detection, malware and threat hunting, anomaly detection and security analytics;
  • Execute threat response: forensics, crisis management and creation of mitigation courses of action;
  • The ideal candidate must have a passion for security and all things technical, with a good understanding of adversary motivations in cybercrime and the tools and techniques of the trade. Previous experience working in IT Security or as an IT systems administrator is a must. Working onsite as part of the team in a 24/7 shift pattern is a prerequisite.

We also expect you to have:

  • Prior experience working in a Computer Emergency Response Team (CERT/CIRT) or IT security environment
  • Proficiency with networking concepts and protocols (such as DNS, HTTP(S), SMTP, FTP, etc.)
  • Proficient programming and solution engineering skills: SIEM, Log Management, Ticketing Systems, Workflow Automation, Scripting, System Hardening, Network Management.
  • Certifications such as GSEC, GCIH, CEH are preferred.
  • Trustworthiness and integrity.
  • Ability to take decisive action based on available information in a timely manner
  • Bachelor's degree or equivalent combination of education and (work) experience
  • 3+ years working in the IT field
  • Certifications such as Prince2 and other project management certifications are not mandatory but appreciated

Start date: ASAP
Duration: 6 months
From: Software Specialists
Published at: 17.08.2016
Project ID: 1187508
Contract type: Freelance