55
Top TechCompanies
44k
Top ActiveJobs
1h
Age OfNewest Job

Detection and SOAR Engineer, Mandiant Consulting, Google Cloud

GoogleApplyPublished 6 days agoFirst seen 6 days ago
Apply

In this role, you will collaborate with multiple cross-functional teams like Mandiant Architects, Mandiant Analysts, Client Information Technology (IT) resources, and other business resource owners. You will be responsible for enabling the technology and tools required to effectively accomplish daily tasks within a Cyber Defense Center (CDC). This includes maintaining operational readiness of the client Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platform, creating detection content and automations to support the daily tasks within the CDC. In addition, you may be responsible for setting appropriate configurations of the SIEM and SOAR or related response technologies required for a client's SOC to maintain effective incident detection and response capabilities.

Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.

Responsibilities

  • Identify challenges in customer Cyber Defense Centers (CDC) and formulate strategies for improvement, plan implementation of improvements, and execute/oversee plans to completion.
  • Advise on technologies relied upon by the client CDC, Computer Security Incident Response Team (CSIRT), and SOC.
  • Create and modify SIEM use cases written in both technology specific query language and Sigma open signature format. Create and modify SOAR playbooks written in Python.
  • Engage and collaborate with client stakeholders and other groups within customer environment to drive resolution for security issues.
  • Provide expertise for SIEM, SOAR and other SOC technologies that assist in incident response.

Minimum qualifications:

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, a related technical field, or equivalent practical experience.
  • 5 years of experience in system administration, engineering, or a related technical role, with experience working with SOC/CSIRT, or other incident response related teams.
  • Experience with networking, including TCP/IP protocols and network topology, and scripting languages (PowerShell and Python).

  • Experience configuring and maintaining SIEM and SOAR technologies.

Preferred qualifications:

  • Certifications in one or more of the following: CompTIA Security+, CompTIA Network+; CISCO (CCNA); ISC2 (CISSP); SANS (GSEC, GCIH, GCED, GCFA, GCIA, GNFA, GPEN).
  • Experience with SOAR and its dependencies, managing and maintaining SOAR platforms, as well as integrating APIs into automation playbooks.
  • Experience managing and maintaining EDR, Network Detection and Response (NDR), or other incident response technologies.
  • Experience with SPL, KQL, or similar SIEM query languages, with an understanding of SIEM log flow, aggregation, and forwarding.
  • Understanding of security controls for common platforms and devices, including Linux and network equipment.
  • Ability to simplify and communicate complex ideas.