Senior Incident Responder

Remote | March 26, 2024

CipherTechs is a global Cyber Security service provider founded in 2001 that remains privately held with headquarters in New York City. We are completely and exclusively focused on cyber security and provide a full-service solution portfolio. We service our customers through the following main practice areas: Offensive Security Services, Audit & Compliance, Defensive & Managed Services, Digital Forensics & Incident Response, General Consulting.

As a managed services security provider (MSSP), CipherTechs maintains multiple security operations centers, staffed 24x7, with the responsibility of identifying, containing and responding to security incidents for major organizations worldwide.

This managed security service is backed by security engineers who are trained and certified in incident response and digital forensic investigations. These engineers have obtained certifications from industry-wide organizations such as ISC2, SANS, and ISACA, and possess extensive product experience with the solutions used to secure our customers' environments.

Description of the Position

SOC Incident Responder

Our Incident Response, Security Engineering, and Defense Engineering teams work together to provide world-class detection and response services critical to business operations, legal compliance, and public relations. Our Incident Response team analyzes events and responds to incidents affecting the confidentiality, integrity, and availability of systems and services critical to business operations, ranging from end-user impact to deeply entrenched advanced persistent threats.

Senior

  • Coordinate and advise clients on escalated incident triage and response.
  • Conduct analysis of closed incidents to identify trends and insights that lead to process improvements.
  • Review recently closed incidents and confirm completeness, accuracy, quality of work, attachments, and other critical components.
  • Act as escalation point (including on-call rotations) for highly complicated or sensitive work and follow through to ensure quality of work and expectations are met. Document and train others to minimize escalations.
  • Monitor cases, incidents, etc. for opportunities to help investigations, tune signatures, or otherwise improve services and team expertise.
  • Create and maintain "use cases" in a centralized library.
  • Create and maintain SIEM rules, dashboards, lookup lists, threat intelligence feeds and other content.
  • Maintain central signature database and deployment of signatures to clients.
  • Work with Red Team to validate the effectiveness of signatures, rules, alarms, etc.
  • Identify and resolve opportunities to update documentation for the betterment of the team and services provided (policies, procedures, knowledgebase articles, etc.).
  • Ensure that documentation aligns with industry best practices and common compliance frameworks where reasonable and possible.
  • Act as a primary subject matter expert for multiple security products.
  • Regularly provide training to peers in the Blue Team to ensure a solid baseline of skill and experience.
  • Act as a primary technical point of contact with customers.
  • Supervise and assist with team access and credentials to customer environments.
  • Assist or lead in onboarding new customers and other projects.
  • Maintain familiarity with client contracts and identify out-of-scope work, opportunities for deepening the relationship and improving services, etc.
  • Address ad-hoc client requests that fall within scope of work and escalate those that do not.

Requirements

  • Willing to work in a 24/7 work environment with a flexible work schedule (aimed at 40hrs per work week).
  • Demonstrated experience with the security industry including an understanding of best practices, risk mitigation, and compliance frameworks.
  • Able to function effectively in high stakes and high stress situations.
  • Legally capable of working in the US or EU.
  • Follow a continuous education program and maintain one or more relevant professional certifications.
  • Ability to quickly find answers to questions referencing manuals and/or Internet resources.
  • Fluent in English in both writing and speech (i.e. writing, reading, speaking, and understanding).

Senior

  • 5 years' experience performing similar duties.
  • Obtain within 1 year and maintain at least one of the following certifications (other expert certifications will be considered): GCDA, GSLC, SSCP, OSCP, GNFA, CCNP, CCIE, GSNA.

Preferred Background

  • One or more security-related certifications from any of the following organizations: GIAC, ISC(2), CompTIA, EC-Council, Offensive Security, PMI, Cisco, Microsoft, Apple, Amazon.
  • A valid passport.
  • Bachelor of Information Technology, Computer Science, Computer Engineering, Cybersecurity, Communications, Business or other related fields of study.
  • Demonstrates a personal interest in cybersecurity outside work hours.
  • Experience with regular expressions.
  • Experience writing security product signatures, alerts, etc.
  • Experience in an MSSP environment or performing similar duties.
  • Experience with deploying, maintaining, or using one or more of the following security solutions: SIEM, SOAR, Network IDS/IPS, Host IDS/IPS, Network Firewall, Host Firewall, Web Application Firewall, EDR, AV, DLP, Identity & Access Management, Web Proxy, Email Security.
  • Programming experience in machine, assembly, high-level, or scripting languages.
  • Experienced in reviewing event logs.

Job Type: Full-time

Pay: $100,000.00 - $135,000.00 per year