Four or more years of full-time professional experience in the Information Security field
Experience working in a Security Operations Center (SOC), Managed Security Service (MSS), or enterprise network environment as a point of escalation.
Excellent time management, reporting, and communication skills including customer interactions and executive presentations.
Data analysis using SIEM, Database tools, and Excel.
Experience troubleshooting security devices and SIEM.
Ability to create and maintain content within SIEM environments and make recommendations to clients to improve their visibility.
IDS monitoring/analysis with tools such as Sourcefire and Snort
Experience with SIEM platforms (QRadar, LogRhythm, McAfee/Nitro, ArcSight, Splunk) a plus.
Direct (e.g., SQL injection) versus indirect (e.g., cross-site scripting) attacks.
Experience with the following attacks: web-based attacks and the OWASP Top 10, network-based DoS, brute force, HTTP-based DoS, denial of service, network-based and system-based attacks.
Deep understanding of SIEM (Splunk preferred), detection tuning, and alert lifecycle management
Experience with SOAR platforms, especially XSOAR, including playbook analysis
Strong QA and documentation capabilities (SOP writing, audit trail tracking, RCA/AAR development)
Clear, confident communication with both internal teams and external clients
Proven ability to lead discussions, manage RAID items, and contribute to executive-level reporting
Familiarity with the SANS Top 20 Critical Security Controls.
Understanding of the foundations of enterprise Windows security, including Active Directory, Windows security architecture and terminology, privilege escalation techniques, common mitigation controls, and system hardening.
Anti-Virus (AV) and Host-Based Intrusion Prevention (HIPS)
Experience in monitoring at least one commercial AV solution such as (but not limited to) McAfee/Intel, Symantec, Sophos, or Trend Micro
Ability to identify common false positives and make suggestions on tuning.
Understanding of root causes of malware and proactive mitigation
Propagation of malware in enterprise environments
Familiarity with web-based exploit kits and the methods they employ.
Familiarity with concepts associated with Advanced Persistent Threats and “targeted malware.”
Experience with, and understanding of, malware protection tools (FireEye) and controls in an enterprise environment.
Covert channels, egress, and data exfiltration techniques
Familiarity with vulnerability scoring systems such as CVSS.
Basic understanding of vulnerability assessment tools such as vulnerability scanners and exploitation frameworks