10/3/2025
No location specified
About the position
Responsibilities
• Provide near real-time security monitoring in a 24×7 environment using a proprietary SIEM and cybersecurity tools.
• Perform near real-time monitoring of alerts and escalate critical alerts in compliance with service level agreements.
• Detect security incidents and analyze threats for complex and/or escalated security events.
• Respond to customer Requests For Information using Linux command line skills to query raw logs for Indicators of Compromise (IOCs).
• Develop internal and/or external documentation, such as detailed procedures, playbooks, and runbooks.
• Perform Tier 2 assessment of incoming alerts and coordinate with Tier 3 for critical-priority incidents when necessary.
• Perform incident response activities utilizing customer SIEM and cybersecurity toolkits.
• Assist with quality control during onboarding of new customers to verify the validity of use cases and the alerts they generate.
Requirements
• Ability to obtain GSA Public Trust clearance.
• At least three years of experience in security-related fields including prior SOC experience.
• Ability to communicate clearly and concisely in written and oral English.
• Experience using a supported Security Information and Event Management (SIEM) platform for analytics.
• Knowledgeable with scripting, parsing, and query development in enterprise SIEM solutions.
• Experience tuning use cases and content based on day-to-day optimizations, with an understanding of best practices so that adjustments do not introduce false negatives.
• Experience with documenting processes and procedures as well as training team members on processes and procedures.
• Exceptional problem-solving skills.
• Ability to drive process improvements and identify gaps.
• Proactive in engaging with customers and management teams.
• Thorough understanding of threat landscape and indicators of compromise.
• Experience with incident response techniques related to network forensic analysis.
• Experience investigating security incidents with SIEMs, use case development/tuning, and understanding of incident response.
• Experience with IPS, including analyzing alerts generated by inspection with attention to how signatures are written and how to identify false positives.
• Experience implementing changes on next-generation firewalls, including firewall policy and content inspection configuration.
• Skilled with Linux command line.
• Experience with health and availability monitoring; understanding of device logging and ingestion, network troubleshooting, and device troubleshooting.
Nice-to-haves
• Scripting knowledge in Python, PowerShell, Bash, Java, etc.
• Incident response experience utilizing different SIEMs and industry best practices.
• Experience with customer service and supporting service desk functions such as IAM.