Security Operations Engineer

3 weeks ago


Charlottesville, United States TEKsystems co Allegis Group Full time
The Security Operations Engineer leading Incident Response (IR) will be a member of the Information Security Office (ISO), Cybersecurity Operations Team, a division of the Information Technology (IT) Organization.
Top Skills' Details
1) 3-5 years of experience
2) Experience with Azure and AWS
3) Must have Experience with Microsoft Defender
4) 24/7 SOC, L3 support. This person will share a weekly on-call rotation (every other week) and will need to respond when something is escalated from the L2 team.
**This will be a remote working opportunity, but the individual must be able to report on site in the Charlottesville office, within a reasonable amount of time, in the event that a cybersecurity incident occurs and the response playbook is executed**
**Want someone in VA/DC/MD/NC who could come to Charlottesville, VA if needed**
The mission of the Cybersecurity Operations Team is to:
Support Priority Initiatives of the Information Security Office (ISO)
Enforce Information Security Policy
Support and Collaborate Across All Areas of Information Technology (IT) to Reduce Risk and Continuously Improve the Security Posture
The IR Security Operations Engineer will be the Team Lead for the Incident Response Team, overseeing day-to-day operations of all Security Operations Center (SOC) Services and providing Level 3 (L3) operational support for all cybersecurity incidents. Subsequently, in the event of a compromise in which the cybersecurity response playbook is executed, the IR Security Operations Engineer holds the honorary position of Team Lead for the Detection and Response Team (DART). The DART Team Lead is responsible for determinations made by the DART team in responding to the cybersecurity incident and for execution of the response playbook. The DART Team Lead manages all communications and coordination between the DART Team and MDRSOC.
The IR Security Operations Engineer will review current cyberthreats and modify processes and procedures to improve the Institute's cyberthreat detection, prevention and remediation capabilities, and will lead and participate in cybersecurity-related activities that support the objectives of the ISO. The Incident Response team focuses on protecting the Institute from external and internal cybersecurity threats. It is responsible for monitoring, analyzing and triaging cybersecurity events of interest and incidents escalated by a Managed Security Service Provider (MSSP) and the Security Information and Event Management (SIEM) service, and for deciding whether a particular security event or incident needs further investigation or can be resolved.

The IR Security Operations Engineer will define the incident response processes and procedures at the Institute and will guide the IR team to coordinate and respond to case work including, but not limited to, computer security vulnerabilities, malware, phishing, social engineering, and forensic investigations. The IR team responds to case work related to compromise of proprietary software, through monitoring of suspicious activity against databases, web applications, and infrastructure. The IR Security Operations Engineer will oversee all case work to ensure timely mitigation and remediation efforts are completed, and will ensure that all undocumented cases of adverse security events, security incidents or case work are properly documented and incorporated in the Security Operations incident monitoring, analysis, and response playbook.
ESSENTIAL FUNCTIONS
This position is required to handle highly confidential matters and materials with discretion. The responsibilities of this position include, but are not limited to:
Design and implement Incident Response processes and procedures in alignment with IT Operations tools and technologies.
o Design and implement all monitoring, logging, alerting, and ticket intake.
o Optimize work intake and continuously improve key performance indicators (KPIs) such as mean time to detection (MTTD) and mean time to response (MTTR).
o Continuously evolve processes and procedures to respond to shifts in business initiatives and technology operations.
Oversee administration of Managed Security Service Provider (MSSP) Services (SIEM/SOC Services).
o Lead management of the overall MSSP relationship, including reviewing MSSP KPIs for monitoring coverage and metrics.
o Continue to develop the MSSP relationship.
o Work closely with the MSSP to identify and resolve security incidents when needed.
Oversee the Incident Response Team and SOC Managed Services.
o SOC Managed Services are responsible for triaging all security events from general monitoring and alerting or from the MSSP.
o Accountable for the investigation of each security event and for deciding whether the event is an incident or can be resolved.
o Respond to incidents as defined by cybersecurity IR playbooks and/or escalate concerns when needed.
o In the event of a compromise, lead the DART Team and execute the cybersecurity incident response playbook.
Partner with the Information Security Office to review new threats in the environment and determine whether current threat monitoring and responses need modification. Subsequently, in collaboration with IT Operations teams, modify any tools, logs or notifications to support the changes needed.
Responsible for collecting audit evidence at the request of the Information Security Office for various audit and compliance checks, for example, PCI Compliance and SOC 2 Assessment.
Support IT Operations and the Information Security Office in efforts to educate the Institute workforce on security threats.
Skills:
Security operations, AWS, Microsoft Defender
Additional Skills & Qualifications:
EDUCATION
Bachelor's degree in Information Security, Computer Science or a directly related field is required.
A minimum of 5 years of experience in Information Technology, with a minimum of 2 years of professional IT Security Incident Responder/Forensics experience.
Highly Recommended Certifications:
o CompTIA Security+
o GIAC Certified Incident Handler
CISSP, CFCE, GCFE, OSCP, CFE, or similar, preferred but not required.
EXPERIENCE
Working experience with multiple platforms, operating systems, software, communications, and network protocols with a focus on security controls.
Experience working with network monitoring, analysis, troubleshooting, and configuration.
Experience working with Microsoft Threat Detection and Response technologies, such as Microsoft Defender.
Experience with Microsoft Intune for Endpoint Management and Microsoft Group Policy Management (GPO).
Working knowledge of Next Generation Firewalls, Web Application Firewalls and policy configuration, and Cloud Hosted Infrastructure and Products (Azure, AWS, Cloudflare).
Understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
Experience with host-centric tools for forensic collection and analysis.
Experience managing cases with enterprise SIEM, Logging and Ticketing Systems (JIRA Service Desk).
Experience with host-based detection and prevention suites.
Detailed understanding of Advanced Persistent Threats.
High-level understanding of System/Application Vulnerabilities and Exploitation (OWASP, SANS, CIS Controls).
Some experience with malware analysis (dynamic and static) preferred but not required.
Experience supporting Network Investigations.
Experience conducting forensic media analysis and log file analysis.
*Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
Medical, dental & vision
Critical Illness, Accident, and Hospital
401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
Life Insurance (Voluntary Life & AD&D for the employee and dependents)
Short and long-term disability
Health Spending Account (HSA)
Transportation benefits
Employee Assistance Program
Time Off/Leave (PTO, Vacation or Sick Leave)

About TEKsystems:

We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
