Security Operations Center (SOC) Engineer

ICE Consulting - Managed IT & Cybersecurity for Life Sciences

Lahore

On-site

PKR 800,000 - 1,200,000

Full time


Job summary

A technology consulting firm in Lahore is looking for a skilled Security Operations Center (SOC) Engineer to enhance their security posture. The role involves developing SIEM solutions, monitoring security threats, and providing technical mentorship. Candidates should possess strong knowledge of security tools and protocols, along with proficiency in scripting languages like PowerShell or Python. This position is ideal for those with 2-5 years of experience in cybersecurity and IT-related fields.

Qualifications

  • Deep technical knowledge of system security and SIEM implementation.
  • In-depth understanding of Security Event Management processes.
  • Current knowledge of security threats and tools.

Responsibilities

  • Monitor and analyze security alerts from SIEM.
  • Develop SIEM solutions for internal and client use.
  • Collaborate with teams to manage security incidents.

Skills

System security expertise
TCP/IP networking
Security Event Management
Fluency in English
Problem-solving skills

Education

Bachelor’s Degree in IT
2 years of information security experience

Tools

QRadar
Splunk
PowerShell
Python

Job description

Overview

ICE Consulting is seeking a talented Security Operations Center (SOC) Engineer to join our team. The SOC Engineer works as part of the Security Operations Center team, helping to monitor and analyze the environment and to identify and respond to security threats that put the company at risk. The engineer will own leading-edge solutions intended to improve the company's security posture. Drawing on their domain expertise, the engineer is expected to provide thought leadership and sound technical mentorship on how to analyze and respond to security incidents in line with security best practices.

Essential Responsibilities
  • Develop and implement SIEM solutions internally and for clients; assess and implement SIEM and other operational tools and processes for a Security Operations Centre (SOC)
  • Develop content for a complex and growing SIEM infrastructure, including use cases, dashboards, active channels, reports, rules, filters, trends and active lab sessions
  • Use the SIEM in daily operations; administer, operate and manage the SIEM platform; ensure the health of log sources, parsers, alerts, reports, etc., and that the platform operates as planned
  • Monitor the SIEM and other event sources; assess, prioritize, escalate and manage security alerts
  • Analyze security, network, database and application logs; correlate events into threat scenarios to get ahead of threat actors and reduce exposure
  • Lead the imminent-threat/zero-day response function across the environment
  • Translate threat intelligence into actionable controls across tools such as firewalls, IPS and malware detection on multiple security vendor platforms
  • Track and resolve security incidents on a regular cadence and collaborate with other teams on resolution and areas for improvement
  • Build custom connectors/parsers for point devices or IT assets that are not supported out of the box (prior experience required)
  • Own and operate the most important security solutions protecting the company from cyber threats and attacks
  • Lead the deployment of new solutions and technologies to improve the company's security posture
  • Continuously fine-tune security solutions to reduce false positives and false negatives
  • Apply working knowledge of the MITRE ATT&CK framework for cyber adversary tactics and techniques

Must have working knowledge of at least one SIEM solution such as QRadar, Microsoft Sentinel, Splunk, LogRhythm or an open-source SIEM (Wazuh, ELK)

Requirements
The ideal candidate will have deep technical knowledge of the following:
  • System security and SIEM implementation experience
  • In-depth experience and understanding of Security Event Management from both the technology/tool and the process perspective
  • Demonstrated knowledge of TCP/IP networking and major protocols such as HTTP, SSL/TLS, DNS and SMTP
  • Demonstrated experience with several of the following: SIEM, vulnerability scanning and exploitation tools (Nexpose, Metasploit), File Integrity Monitoring, Data Loss Prevention
  • Development of security scripts in PowerShell or Python for automated detection and scanning
  • Network stream analysis using PCAP data and packet reconstruction
  • Experience executing defined incident response frameworks and handling procedures such as NIST (SP 800-61) and SANS
  • Current knowledge of security threats, solutions, security tools and network technologies
  • Understanding of information security and compliance regulations and standards (ISO 27001, PCI DSS, GDPR)
  • Keen ability to diagnose and troubleshoot technical issues; excellent problem-solving skills
  • Fluency in English, written and spoken
  • Excellent documentation skills
  • Ability to work independently and as part of a team
  • Travel may be required on an as-needed basis
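As an added illustration of the parser-building, log-correlation and Python automation duties listed in the responsibilities and requirements above (example code written for this page, not ICE Consulting's tooling): a parser for a constructed key=value log format from a hypothetical VPN appliance with no out-of-the-box SIEM support, followed by a correlation rule that raises an alert when at least five failed logins from one source inside a five-minute window are followed by a successful login from that same source. The allowlist parameter is the kind of tuning used to cut false positives, here suppressing an authorised internal scanner. All log lines, host names, addresses and thresholds are constructed assumptions.

```python
"""Custom log parser plus a SIEM-style correlation rule (added example).
The log format, hosts, addresses and thresholds below are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed key=value format from a hypothetical VPN appliance that has no
# out-of-the-box SIEM parser (assumption for this example).
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<kv>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample log: a password-spray then success from 203.0.113.5,
# a benign single failure from 198.51.100.7, an authorised scanner at
# 10.0.0.9, and one garbage line the parser must tolerate.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z host=vpn1 user=alice src=203.0.113.5 action=login result=FAIL
2024-05-01T10:00:02Z host=vpn1 user=alice src=203.0.113.5 action=login result=FAIL
2024-05-01T10:00:03Z host=vpn1 user=admin src=203.0.113.5 action=login result=FAIL
2024-05-01T10:00:04Z host=vpn1 user=bob src=203.0.113.5 action=login result=FAIL
2024-05-01T10:00:05Z host=vpn1 user=root src=203.0.113.5 action=login result=FAIL
2024-05-01T10:00:09Z host=vpn1 user=alice src=203.0.113.5 action=login result=SUCCESS
2024-05-01T10:01:00Z host=vpn1 user=carol src=198.51.100.7 action=login result=FAIL
2024-05-01T10:01:30Z host=vpn1 user=carol src=198.51.100.7 action=login result=SUCCESS
2024-05-01T10:02:00Z host=vpn1 user=svc-scan src=10.0.0.9 action=login result=FAIL
2024-05-01T10:02:01Z host=vpn1 user=svc-scan src=10.0.0.9 action=login result=FAIL
2024-05-01T10:02:02Z host=vpn1 user=svc-scan src=10.0.0.9 action=login result=FAIL
2024-05-01T10:02:03Z host=vpn1 user=svc-scan src=10.0.0.9 action=login result=FAIL
2024-05-01T10:02:04Z host=vpn1 user=svc-scan src=10.0.0.9 action=login result=FAIL
2024-05-01T10:02:05Z host=vpn1 user=svc-scan src=10.0.0.9 action=login result=SUCCESS
this line is garbage and must not crash the parser
"""


def parse_line(line):
    """Normalise one raw line into an event dict; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {k: v.strip('"') for k, v in KV_RE.findall(m.group("kv"))}
    event["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def parse_log(text):
    """Parse a whole log, silently dropping lines the parser does not understand."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5), allowlist=frozenset()):
    """Correlation rule: at least `threshold` failed logins from one source
    within `window`, followed by a SUCCESS from the same source, raises an
    alert. `allowlist` suppresses known-noisy sources (tuning to cut
    false positives); `threshold` and `window` are the knobs for tuning
    false negatives."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e.get("action") != "login":
            continue
        src = e.get("src")
        if src in allowlist:
            continue
        recent = failures[src]
        while recent and e["ts"] - recent[0] > window:  # expire old failures
            recent.popleft()
        if e.get("result") == "FAIL":
            recent.append(e["ts"])
        elif e.get("result") == "SUCCESS":
            if len(recent) >= threshold:
                alerts.append({"src": src, "user": e.get("user"), "host": e.get("host"),
                               "failures": len(recent), "ts": e["ts"].isoformat()})
            recent.clear()  # a success resets the window for that source
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(parse_log(SAMPLE_LOG), allowlist={"10.0.0.9"}):
        print(alert)
```

Run as written, the script reports one alert (five failures from 203.0.113.5 followed by alice's success); dropping the allowlist also flags the internal scanner, which is the false positive the tuning removes.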

Education & Qualifications
  • 2 to 5 years of professional experience
  • Bachelor’s Degree in an IT related discipline
  • In lieu of certifications, at least 2 years of information security, auditing or risk management experience