SOC Lead - FirePower, Splunk, XSOAR

Job type:
on-site
Start date:
ASAP
Duration:
12 months
From:
83Zero Ltd
Location:
Dubai
Published at:
11/28/2020
Country:
flag_no United Arab Emirates
Project ID:
2006715

Warning
This project has been archived and is not accepting more applications.
Browse open projects on our job board.

Dubai - United Arab Emirates

A Senior Security resource is required to enhance our client's security posture and mature the SOC. The resource will lead a small team in incident response, tuning IPS, creating SIEM use cases, developing SOAR, troubleshooting device issues, building bridges with other departments etc. whilst vendor support is available for all devices this is at least 60% hands one engagement where the candidate has to draw from his/her incident response experience and low level understanding of network and security.

Experience

Incident Response: host forensics, network forensics, reverse engineering etc. candidate does not have to be a reverse engineer or forensics expert, but has to be able to investigate an incident using techniques from the mentioned areas - analyze mail headers, extract macros from OLE, dissect packet capture etc.

Threat IQ, Vulnerability management: must be able to assess risk based on security advisory and consult the System admin on patching priorities, able to perform proof of concept for a known exploit, assess design from security perspective.

Integration and Automation: candidate must have understanding of IPS signatures, Firewall rules, be able to write regex, basic Scripting in Python and Powershell to a degree that will allow him to integrate, automate and tune security technologies.

Corporate environment: Candidate must be familiar with standard corporate functions, change control, writing procedures and processes, review technology designs, produce flow diagrams etc.

Knowledge of the following technologies is

Highly desirable: FirePower, Splunk, XSOAR, PaloAlto FW, Traps, CentOS, Active Directory, McAfee.

Beneficial: DarkTrace, Rapid7, Thycotic, Infoblox, Bluecoat, ForceProxy, Juniper.

You must be prepared to work in Dubai for 12 months.