Security Engineer, GSOC @ Areteir

SUMMARY

The Security Engineer GSOC is responsible for all aspects of onboarding and troubleshooting for SentinelOne and AlienVault for all MDR engagements.

The Security Engineer GSOC provides onboarding support, SentinelOne agent installation, troubleshooting the issues if any, sensor deployments in AlienVault and deployment of other components in SIEM solutions, log source onboarding in SIEM, and related activities for all active engagements. The Security Engineer GSOC supports overall implementation by providing necessary support for current matters. The Security Engineer GSOC role takes direction on what is needed regarding all aspects of SentinelOne and AlienVault for the engagements. The Security Engineer GSOC works with the MDR team to support SentinelOne installations, interoperability issues, exclusions, whitelisting, and overall troubleshooting. The Security Engineer GSOC ensures that SentinelOne is deployed to a client s environment they are fully protected by it and clients opting for SIEM solutions are aptly covered from security standpoint.

ROLES & RESPONSIBILITIES

Communicates with the client to initiate the onboarding.

Prepares and shares the network prerequisites and SentinelOne packages

Ensures all required details are in place before an activity is started

Handles all SentinelOne-related inquiries and tasks for their assigned projects

Documents SOP and procedures related to common client inquiries related to SentinelOne deployment, support, and troubleshooting

Provides resolution for onboarding/performance-related issues to MDR team or engages directly with the client with guidance

Provides daily reports on SentinelOne deployment status

Provides technical training and acclimation for clients to familiarize themselves with the S1 interface and functionalities

Drives all AlienVault deployments with customers

Understands the architecture, deploys the sensors, and prepares the log baseline for assets in scope for log collection

Ensures ingested logs are parsed properly and alarms are getting triggered as expected

Develops custom parsers for applications to onboard them to SIEM solutions

May perform other duties as assigned by management

SKILLS AND KNOWLEDGE

Working understanding of API queries

Working understanding of scripting

Working understanding of developing PowerShell scripts and writing batch files for ad hoc requirements

General understanding of Windows and Unix Intervals

Working understanding of information security.

Thorough understanding of analysis techniques for reviewing large datasets

Working understanding of TCP/IP and OSI Model

Thorough understanding of the Incident Response Life Cycle (Preparation, Identification, Containment, Eradication, Recovery, Lesson Learned)

Working understanding of the MITRE ATT&CK framework

Ability to communicate in both technical and non-technical terms both oral and written

General understanding of:

o Network Security Monitoring (NSM), network traffic analysis, and log analysis

o Penetration Testing / Vulnerability Scanning

Thorough understanding of enterprise security controls in Active Directory / Windows environments

Experience with hands-on penetration testing against Windows, Unix, or web application targets

JOB REQUIREMENTS

Associates degree and 6-8 years of IT security-related experience or Bachelors degree and 2-5 years related experience

Current or previous experience with Endpoint Detection and Response (EDR) toolsets

SOC/CIRT team experience

Applied knowledge in at least one scripting or development language (such as Python), preferred

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties and skills required personnel so classified.

WORK ENVIRONMENT

While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodation may be made to enable people with disabilities to perform the essential functions of this job.

PHYSICAL DEMANDS

No physical exertion required

Travel within or outside of the state

Light work: Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force as frequently as needed to move objects

TERMS OF EMPLOYMENT

Salary and benefits shall be paid consistent with Arete salary and benefit policy.

FLSA OVERTIME CATEGORY

Job is exempt from the overtime provisions of the Fair Labor Standards Act.

DECLARATION

The Arete Incident Response Human Resources Department retains the sole right and discretion to make changes to this job description.