Demonstrated experience in security operations, incident response, and threat hunting disciplines
Practical knowledge of common threats and exposures to web applications and services
Experience with detection and incident response tooling, or with automation workflow optimization
Proficient in cloud ecosystems, including tools, technologies, and how to secure them
Proven experience in operating & maintaining SIEM, SOAR, and EDR; developing queries and alerts
Accustomed to performing investigations and analysis, and to communicating events or incidents clearly to the appropriate stakeholders
Experience deploying tooling to advance investigation tactics and incident response across different environments, such as corporate and cloud environments
A strong understanding of macOS, Linux, and Windows security
Love to learn; you are motivated to learn about security and to tinker
Experience interfacing with technical and non-technical individuals, with the ability to adjust the level of technicality to the audience
GIAC, CEH, GSOC certificates
Position Expectations
Drive the maturity of Operations by suggesting overall improvements, e.g. playbooks, detections, automations, and gaps critical to working with other teams and departments
Leverage and maintain automation workflows, enriching discoveries and detections
Utilize analysis frameworks (e.g. MITRE) to better understand gaps, and work towards closing them
Maintain, improve, and configure Information Security Operations tooling and alerts
Develop and maintain well written documentation and playbooks
Work cross-functionally with multiple teams, deploying tooling, establishing new processes, or improving existing processes
Ability to quickly learn new Information Security concepts and adapt to a modern, fast-paced organization
Mentor and train others on the team to level up; we will all grow together
Participate in weekly on-call rotations
Success Measures
3 Months: You will have familiarized yourself with much of the Information Security Operations documentation hub and met everyone on the team. You will have the opportunity to identify gaps and make improvements, leading to an understanding of the Security Operations department's process
6 Months: You will have a foundational understanding of the data and tooling the entire Information Security team uses. By now you should be taking ownership of tasks, and you will have fully scoped and executed a small project that has positively impacted the company's security posture
12 Months: A fully comprehensive understanding of our program, response process, and operation of tooling, as well as workflow automation. You should be considered a subject matter expert in the realm of investigations for corporate security operations
Perks & Benefits
Personal growth and business impact
Supportive and enriching culture for all employees