IMRI SOC Lead Security Engineer in Las Vegas, Nevada
Location:Las Vegas, Nevada
Location Name:Las Vegas
Wage:Depends on Experience
Work Location: CHANDLER, AZ (Relocation costs not included)
The Security Operations Center (SOC) Lead / Security Engineer (SME) is responsible for the 24x7x365 management, supervision, education, training and coordination of SOC personnel and technical processes. This is a customer-facing role! The SOC Lead / Security Engineer (SME) must train, coach and mentor personnel with regard to technical issues, technical tools, security controls and operational excellence; ensure processes, SOPs and policies are established and enforced; and establish and maintain metrics, manage SLAs and improve the SOC's technical skills and performance.
Responsibilities will include:
Supervise staff and processes within the SOC;
Manage shifts and coverage for all staff;
Ensure all alerts/emails/cases/phone calls are assigned and handled by Threat analysts promptly (within established SLAs) and with a high degree of quality;
Provide management oversight of Incidents;
Serve as an escalation point for Threat analysts for complex/unusual alerts/cases/requests/incidents;
Provide threat hunting capabilities and best practices to analyze security events;
Conduct performance reviews and develop growth strategies for direct reports;
Evaluate gaps and assign training for Threat analysts to ensure consistent quality in response and technical capability.
Conduct quality assurance and analysis of cases to verify mitigation strategies are accurate.
Develop and manage metrics based on operational load, process effectiveness and supportability of the SOC;
Develop and test protocols and procedures for effective operations;
Develop monthly reports, sharing information on incidents, environments and any agency-specific reporting that is required;
Lead significant SOC projects, focused on enhancements to detection and incident response capabilities and other improvements to core SOC workflow/process/documentation.
Initiate best practices and recommend technology to improve customer engagement, threat intelligence and improved response times.
Familiarity and expertise in security assessments and frameworks such as: NIST, CMMC, SANS, ISO, HIPAA, FFIEC, GDPR and others.
Reviews trouble tickets generated by Tier 1 Analyst(s).
Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation.
Determines and directs remediation and recovery efforts.
Reviews asset discovery and vulnerability assessment data.
Explores ways to identify stealthy threats.
Conducts penetration tests on production systems to validate resiliency and identify areas of weakness to fix.
Recommends how to optimize security monitoring tools based on threat hunting discoveries.
Minimum Qual Requirements
The preferred candidate should possess the following:
Bachelor's degree in Information Technology, related discipline
5+ years of experience in information security incident handling and security operations, including 2 years of experience in a lead role.
Experience supervising a medium-sized team;
Experience working in a large scale environment;
Provide inspired leadership for the organization.
Make important policy, planning, and strategy decisions.
Develop, implement and review operational policies and procedures.
Assist in hiring and promoting employees.
Help promote a company culture that encourages top performance and high morale.
Work with Stakeholders to determine values and mission, and plan for short and long-term goals.
Demonstrated ability to increase the effectiveness of a security program;
A deep understanding of cybersecurity threats, vulnerabilities, controls and remediation strategies in complex, federated enterprise environments;
Knowledge of technologies, systems and networks as well as typical gaps that could impact the ability of an organization to effectively detect and respond to cyber threats;
Demonstrated knowledge of common adversary tactics, techniques, and procedures;
An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner;
An ability to effectively influence others to modify their opinions, plans, or behaviors;
A team-focused mentality with the proven ability to work effectively with diverse stakeholders;
Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously;
Relevant technical security certifications (GIAC, CISSP, SSCP, CISM, EC-Council, Certified Ethical Hacker, Offensive Security, etc.) a plus.
Technology expertise with: vulnerability tools, SIEMs, threat intelligence feeds, firewall management tools, IP profiling and discovery tools, IDS, IPS, MDR products, cloud services, networking, authentication products, end-point protection products.
Employees will be processed for a DoD Security Clearance upon joining the Cytellix team.
EQUAL EMPLOYMENT OPPORTUNITY
EEO/Affirmative Action Statement and Non-Discrimination Policy: IMRI is an Equal Employment Opportunity employer committed to maintaining a non-discriminatory, diverse work environment. In accordance with Title VII of the Civil Rights Act of 1964, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans' Readjustment Assistance Act of 1974 (VEVRAA), the Americans with Disabilities Act (ADA), and other federal, state, and local anti-discrimination laws, IMRI does not unlawfully discriminate against any person on the basis of race, color, religion, sex, national origin, ancestry, genetic information, age, marital status, sexual orientation, physical or mental disability, or status as a special disabled veteran or other veteran. IMRI will take affirmative action to assure equal opportunity for employment is provided with regard to all personnel actions, including but not limited to: recruitment, selection, compensation, benefits, training, promotion, demotion, layoff, termination and all other terms and conditions of employment.