Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on more than 20 years of real-world threat intelligence and research. It enables customers to better detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

We enjoy competitive compensation and benefits packages and reward and recognize our employees for exceptional results. A relentless focus on continuous learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized and rejuvenated, we win as a team.

This role will function as a SOC Analyst Team Leader. You will receive alerts and respond to activities within the customer’s environment that are detected by SecureWorks Managed Security Services. In this role, you will oversee the daily tasks and deliverables handled by the InfoSec Team and contribute to investigating high alerts, determining the source of the threat, the extent to which customer assets have been compromised, making remediation recommendations, and assisting with implementation.

Tasks of the track:

• Continue to practice processes on an ongoing basis and use tools to maintain familiarity and identify opportunities for improvement.
• As an SME, participate in the InfoSec team’s strategy formulation to confirm whether new service suggestions will work and to identify gaps as team capabilities evolve
• Define, implement and improve team processes and procedures to ensure consistent delivery
• Represent the team in critical situations, pre-sales activities, marketing events (internal/external meetings, webinars, workshops), customer meetings, etc.
• Work with operational leadership in interviewing new security analyst candidates, serving as a mentor, and working alongside other staff in an advisory, support, and training role
• Prepare and present operational governance reports to business stakeholders and customer representatives
• Define, collect and monitor appropriate quality assurance/SLO metrics for reporting to senior management and tracking team performance
• Propose and review team training plans and facilitate career development of engineers of all seniority levels.
• Oversee and perform daily operational ‘eyes on glass’ real-time monitoring and analysis of security events from multiple sources including but not limited to events from SIEM tools, network and host-based IDS, firewall logs, system logs (Unix and Windows), mainframes, midrange, applications and databases

Skills:

• Excellent leadership and coaching skills
• Communication – The ability to make oneself understood by others through the ability to express one’s points clearly and persuasively, listening actively and controlling the flow of the conversation.
• Risk assessment and decision making – The ability to analyze facts and situations within reasonable limits, make decisions, evaluate the impact on others and take acceptable risks
• Influencing – the ability to convince others of one’s opinion and make them follow it
• Task Management and Planning – The ability to effectively formulate an appropriate plan of action for oneself and others to achieve a goal

Essential requirements

• 5+ years of experience in Information Technology with networking technologies (CCNA, JNCIA certification is desirable)
• Experience with SIEM processes, monitoring and collection, escalation strategies, data source normalization, event mitigation, threshold tuning, alert triggers, threat intelligence, threat modeling, triage
• Experience with raw log file review, data correlation and analysis (e.g. firewall, network flow, intrusion detection systems, system logs)
• Solid and demonstrable understanding of information security, including malware, emerging threats, attacks and vulnerability management

Desired requirements:

• Industry vendor certifications: ISC2, GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Unix, Microsoft, Oracle, etc.;
• Previous experience in adjacent areas such as Security Operations Center, Network Operations Center, System Administrator, Platform/Tool Support Engineer, IT Helpdesk Support
• Conduct both endpoint and network-based studies
• Reviewing logs to find evidence of previous break-ins
• Use indicators within networks to identify the scope and scale of attacks
• Malware and Exploit Kit Functionality
• Operating system and application exploits
• Lateral movement, land living and persistence settlement mechanisms
• Detection of abnormal system activity
• Threat Detection Methodologies
• Incident response and incident handling processes

Secureworks is committed to the principle of equal employment opportunity for all employees and to providing a work environment free from discrimination and harassment to employees. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or registered partnership status, past or present military service, family medical history or genetic information, family or parental status or any other status protected by the laws or regulations in the locations where we operate. Secureworks does not tolerate discrimination or harassment based on any of these characteristics.

Originally posted on Himalaya