As an Engineer for the Security Operations Centre (SOC), you are a member of a team that manages IT security on behalf of customers to reduce the impact of security incidents and system compromises. This team provides Security Engineer support, event investigation and analysis, and countermeasure proposals. As part of the team responsible for the 24×7 Security Event Management Service, you will be responsible for the following items:
ESM Administration (70% of work)
- Provides system administration and maintains operation of ESM appliances.
- Deploys and maintains all hardware and software of the ESM.
- Asset tags all systems within the ESM.
- Implements the ESM migration/compliance strategy.
- Monitors system health and troubleshoots ESM product issues and outages.
- Performs daily maintenance, such as testing and configuring alerts within the ESM.
- Writes custom Snort rules to be imported into the ESM.
- Creates advanced ACE rules to run with the ESM.
- Adjusts the Intel ESM rules to fit the client's needs by means of suppression and thresholding.
- Builds reporting and metrics as requested by the customer.
- Creates change tickets and speaks to change control board tickets related to the ESM as needed.
- Performs routine application upgrades for the ESM.
- Responds to audit requests or findings.
- Creates detailed documentation for change management in relation to the ESM.
- Performs knowledge transfer to other Herjavec Group employees or client personnel as assigned by the manager.
- Provides rotating on-call support and after-hours Security Event monitoring and response in a 24/7 Security Operations environment.
- Creates and maintains detailed documentation based on existing processes and procedures for any ESM-related activities.
- Integrates all modules of the Intel Security Suite into the ESM.
- Baselines all alerts within the ESM over 30/60/90 days.
- Designs and maintains all dashboards within the ESM.
Secondary functions (30% of work)
- Serve as a backup subject matter expert for one or more of the following technologies: Intel McAfee NSM, ELM, ATD, HIPS, HIP, VSE, TIE, ACE, DLP, Tanium, Application Control, Global Threat Intelligence, Move, Endpoint for Mac, FireEye, or any other technology listed in the Statement of Work for each client.
- As a backup administrator of one or more of the above technologies, the following will be required:
- Provide system administration and maintain operation of the security technology while maintaining appliance agent deployment at or above 98% host saturation.
- Monitor system health and troubleshoot product issues and outages.
- Resolve appliance operating system issues as needed.
- Perform daily maintenance, such as testing and installing patches, updates, and hotfixes as needed.
- Provide reporting and metrics as needed.
- Download, test, and install application patches as needed.
- Perform routine application upgrades (complex upgrades will be designed, tested, and approved by the local customer).
- Respond to audit requests or findings.
- Transfer knowledge to other Herjavec Group employees or client personnel as assigned by the manager.
- Monitor reported information security events on a daily basis using Splunk, Sumo Logic, and NSM, ensuring that critical events are escalated within the customer's SLA and documented in order to respond quickly and protect against threats to the organization's information assets.
- Perform security log analysis during information-security-related events, identifying and reporting possible security breaches, incidents, and violations of security policies.
- Effectively liaise and communicate with the Remote Global Monitoring Security Operations Centers, key business stakeholders, and management regarding information security incident events and trending.
- Other duties as assigned.
Must have demonstrated knowledge and experience with three or more of the following:
- UNIX, AIX & Solaris.
- Windows Server Operating Systems.
- Internet Connectivity and Protocols (TCP/IP).
- Wireless Networking.
- Network architecture best practices.
- Security Operations Centre/Information Protection Centre/Computer Incident Response Centre.
- Enterprise Security Information Management systems.
- VPN Communication Protocols.
- Switches/Routers (basic configuration).
- Network/System Intrusion Detection or Prevention Systems.
- Understanding of basic security concepts: Principle of Least Access, Compartmentalization etc.
- Firewall (configuration knowledge).
- Asset Management.
- Security threat and attack countermeasures.
- Must become Intel certified for NSM, ESM, and ACE within 3 months.
- Critical Thinking and Analytical skills.
- Excellent written and verbal communication skills.
- Strong troubleshooting and problem-solving skills.
- Team player with the ability to work autonomously.
- Ability to prioritize, and reprioritize work as required.
- Ability to be on Call on a rotational basis.
- Ability to obtain and maintain Nevada and Michigan gaming licenses.
How to Apply
If interested, please follow the ESM Engineer application link and complete an application.
About Herjavec Group:
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI-compliant Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions, including consulting, professional services, and incident response. Herjavec Group has offices globally, including across Canada, the United States, and the United Kingdom. For more information, visit www.herjavecgroup.com.