DescriptionWe are looking for professionals with a high level of experience protecting critical infrastructure to help us defend cloud infrastructure. Our team is skilled in threat hunting, analyzing indicators of compromise (IOCs), investigating adverse security events, security incident management, and digital forensics across IaaS, PaaS and SaaS environments. You will be part of a corporate security operations center responsible for defending infrastructure from adversaries and insider threats. This includes using tools to analyze and respond to threats, creating tools/scripts to aid in analysis, and responding in real time to adverse security events. Our team is the last line of defense if security controls are breached. We are expanding the team and working on ambitious new initiatives.
The Tier 2/3 SOC Analyst will leverage advance security tooling and automation to rapidly detect and respond to real-time security alerts and events and conduct detailed root cause investigations. The analyst will work closely with Tier 1, forensics, incident response, and engineering partners to mitigate a wide variety of threats and malicious activity. ##Key Responsibilities
Support shifts and on call rotations
Detect and respond to security events and threats from alerting, escalations, and other sources
Lead complex investigations and conduct deep analysis of security events focused on rapid containment, remediation, and mitigation
Work closely with security engineering teams to improve monitoring, detection, and tooling
Understand the threat landscape, emerging trends, and incorporate this understanding into day-to-day security monitoring
Operate SOC technologies, including but not limited to a Security Information Event Management (SIEM) platform, Intrusion Detection Systems (IDS), SOAR, Firewalls, Anti-Malware solutions, and insider threat tooling
Assist with security incident response activities
Prepare assigned reports for the SOC shift Lead
Provide high quality written and verbal reports as required
Actively monitor and respond the SIEM alert queue and triage alerts
Investigate alerts using standard operating procedures
Monitor several screens, systems, and alerts simultaneously
Provide direction and mentoring to the other SOC levels
Must be an Irish Citizen. The role is a remote position that may require shift work including nights and weekends.
Preferred Qualifications
Five plus years of Incident Response, Security Operations Center, and/or Forensic Analyst experience
Comfortable working in an ambiguous, fast-paced, unpredictable environment
Experience working in a highly collaborative, team centric, event driven operations team
Experience with querying across large data sets to understand complicated and difficult to solve problems
Strong attention to detail
Experience in one or more of the following fields of work: National security, military, federal intelligence, law enforcement, criminology, and/or foreign areas and language
Experience with variety of operating systems and threats that target them including Windows, UNIX/LINUX, and MacOS
Experience performing open source research on a variety of topics
Excellent verbal/non-verbal communication skills with proficient ability to deliver technical information to non-technical staff
Career Level - IC3ResponsibilitiesSupports the strengthening of Oracle’s security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.Regulatory Compliance: assists in programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business.Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.Incident Management and response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.Digital Forensics: May conduct data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.Other areas of focus may include duties managing Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies.Compiles information and reports for management.