Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

Be part of an exciting team that deals with bleeding-edge information security attacks, malware infections, and incident response situations on a daily basis. Protecting our clients from threat actors attempting to compromise their environments.

Working as a Senior Advisor in a security operations center environment with other security and networking professionals, you will extend your currently existing network and endpoint security investigation analysis skillset through identification, assessment, review and authoring of incident reports in a variety of client environments. You will actively investigate threat actor activity, malware infections, living off the land attacks, as well as a variety of other security incidents and provide clients with the impact of the threat, your assessment of the incident, as well as recommendations.

Role Responsibilities

Review security-related events and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information in order to provide clients with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations
Provide customers with understandable context around their security environment and threats
Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value
Work with customer and internal Secureworks incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents
Provide mentorship to SecureWorks team members and clients on security strategy, tactics, techniques, and procedures
Use the Secureworks platform to proactivity hunt for and investigate activity within the client environment
Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of indicators of compromise
Provide support for all other teams involved in the delivery of the service whenever they have questions or requests from customers
Act as first point of coordination for escalations coming on shift directly from customers via chat, tickets, investigations, (with support from manager)
Act as shift coordinator by prioritizing the tasks, activities, internal and external client’s requests
Collect and validate flows/processes/tools issues reported by his shift and present them to the manager
Involve in technical assessments, coaching and/or development of training programs for the team members
Tracking and reporting of KPIs

Requirements

Knowledge

Significant experience with and expert understanding of:

Two (2) or more of the following operating systems (Windows, Linux, Mac OS) at a filesystem level
Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.)
Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.)

Experience with and strong understanding of:

Performing both endpoint and network-based investigations
Reviewing logs to identify evidence of past intrusions
Pivot off indicators within networks to identify the scope and breadth of attacks
Malware and exploit kit functionality
Operating system and application exploits
Lateral movement, living-off-the-land, and persistence establishment mechanisms
Detection of anomalous system activity
Threat hunting methodologies
Incident response and incident handling processes

Skills and Abilities

Ability to write scripts to automate new and existing tasks
Strong technical communication skills, both written and verbal
Attention to detail and great organizational and time management skills
Excellent problem-solving skills that would allow for the ability to diagnose and troubleshoot technical issues
Client-focused with a passion for delivering service excellence
Strong sense of urgency and ability to work under pressure
Possess high standard of integrity and confidentiality
Great leadership and coaching skills
Communication - The ability to make himself well understood by others through the capacity to clearly and convincing express his point of view, to actively listen and control the conversation flow)
Risk assessment and decision making -The ability to analyze within reason facts and situations, decision making, evaluating consequences of others and undertake acceptable risks
Influencing - the ability to convince others of his opinions and determine them to follow
Task management and planning - The ability to effectively set an adequate action plan for himself/herself and for others, in order to reach a goal

Certifications

Industry certification from vendors: ISC2, GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Unix, Microsoft, Oracle, etc.(e.g.: CISSP, GSEC, GCIA, GWAPT, GCIH, GCFA/GCFE, GREM, OSCP/OSCE, eLearn THP or similar certification preferred)

Secureworks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.

Company

For job seekers

For companies

Cyber Security jobs

Incident Response Senior Advisor - Shift Leader

Incident Response Senior Advisor - Shift Leader

Incident Response Senior Advisor - Shift Leader

Location

Workplace

Type

Posted

Website

Similar Jobs

Incident Response Consultant

Senior Incident Responder - US Remote

Sr. Technical Enablement Architect, Partner Enablement - Incident Response(Remote)

Sr. Intelligence Analyst - CAO Elite (Remote)

Sr. Intelligence Analyst II (Remote)

Cyber Risk Analyst, VP