Network Defender
**Job Title:** Network Defender
**Company Overview:** Info Way Solutions is a forward-thinking IT solutions provider, seeking an experienced Network Defender to join our team. Our company offers a dynamic work environment with opportunities for growth and professional development.
**Estimated Salary:** $130,000 - $190,000 per year
**Job Description:**
We are looking for a highly skilled Network Defender to lead our security efforts. The ideal candidate will have expertise in security tool administration, content creation, and security engineering. Key responsibilities include:
- Determining the service impact of security tools.
- Alerting the SOC (Security Operations Center) of possible impacts due to misconfigurations and/or updates.
- Working tickets via the ticketing system and creating tickets for the various needs of Security Engineering.
- Researching and collecting data on events of interest to tune security tools.
- Engaging the support of Tier 3 Analysts, the Network Operations Center (NOC), Network Engineers and/or the CSIRT (Computer Security Incident Response Team) when necessary.
- Developing and deploying Indicators of Compromise (IOCs) and associated rules.
- Creating documentation for security tools.
- Documenting and escalating requests for tuning, upgrades, account creation, and patching of security tools.
- Receiving and analyzing requests for tuning, and providing timely responses to tuning and change management requests.
- Conducting research, analysis, and correlation across a wide variety of all-source data sets (indications and warnings).
- Assisting in the construction of signatures that can be implemented on security tools in response to new or observed threats within the network environment or enclave.
- Providing guidance and mentorship to Tier 2 Security Engineering personnel.
- Contributing to the creation of process documentation and training materials.
- Working a rotating on-call schedule as required, including nights and weekends for maintenance and incident response.
**Required Skills and Qualifications:**
- Three (3) to five (5) years of Security Engineering, security tool administration and/or content creation experience.
- CompTIA Security+ certification (or equivalent/higher).
- Experience with EDR solutions from one or more of the following vendors: SentinelOne (preferred), CrowdStrike, or McAfee.
- Experience with other security technologies such as McAfee NSM, TippingPoint, FireEye, InfoCyte, or the Fortigate suite is a plus.
- Able to use the internet to do research on events of interest.
- Working knowledge of cybersecurity and privacy principles.
- Working knowledge of cyber threats and vulnerabilities.
- Working knowledge of Intrusion Response in the form of day-to-day network traffic analysis and threat assessment/impact analysis.
- Familiarity with encryption algorithms, cryptography, and cryptographic key management concepts.
- Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Knowledge of TCP/IP: addressing, routing protocols, transport protocols (UDP and TCP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], the Open Systems Interconnection model [OSI], and the Information Technology Infrastructure Library, current version [ITIL]).
- Knowledge of the escalation, incident management, and change management processes and procedures of Security Operations.
- Possess good communication and interpersonal skills.
- Able to interpret the information collected by network tools (e.g., nslookup, ping, and traceroute).
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Familiarity with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Proficient in performance of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
- Knowledge of various types of Cloud Architecture, Cloud data flows, and Cloud security frameworks.
- Vendor certifications preferred.