Global internet company

Key Responsibilities:
• Establish and improve existing operational procedures and security policy for maturity of SOC operation.
• New log source on boarding, health check, resources (ie EPS) for efficient operation of SIEM equipment
• Assist in operating SOC environment or infra (SIEM, IPS, FW, AWS, etc)
• Assist in managing SOC tasks (project management, error management, etc)
• Defend systems against unauthorized access, modification and/or destruction
• Respond immediately to security incidents and provide post-incident analysis
• Design and conduct security audits to ensure operational security
• Security assessment for new solutions in perspective of SOC.
• Research and recommend security controls
• Provide technical advice to colleagues across different business units
Basic Qualifications:
• 7+ years as a security engineer, with at least one year as part of a SOC or supporting a SOC/SIEM infrastructure as an engineer
• Understanding of the incident response process and enterprise information security fundamentals
• Awareness about security products and technologies, and networking protocols
• Knowledge of configuration of IT security appliances such as firewalls, IDS, IPS, FW, EDR and SIEMs
• Knowledge of security operations analysis, detection and response tools including but not limited to SIEM, IDS/IPS, EDR
• Knowledge of linux system and the type of logs. (application logs, system logs, etc)
• Ability to program and script to achieve the following- API interactions, automation, data parsing and clean up
• Ability to programmatically interact with APIs in security tools and platforms
• Strong process management background with a keen interest in continuous improvement
• Desire to learn new skills and improve current skills to deliver optimal services to the SOC
• Conceptual understanding of cloud computing
• Experienced in working in a public cloud environment preferred
• Ability to interact with Security analysts in order to derive requirements and convert those requirements to deliverable
• Self motivated
• Ability to be flexible and work during non-business hours (to support a global team in different timezones)
Preferred Qualifications:
• Certified in one or more of the following preferred: CISSP, CISA, CCNA, CISM, SANS GIAC
• Knowledge of Cloud service practices and principles (e.g AWS, Azure)
• Development experience in Web Services (HTTP, HTML, AWS, REST, SOAP, Atom)
• Development experience in Automation and Script (Linux shell, Python, Perl, Powershell)
• Experience in developing using Log Search (ELK, Splunk), TSDB (Time series DB)
• Knowledge of DevOps and Agile practices and principles
• Working knowledge of the current cyber threat landscape
• Understanding of major threats and threat actors and their relevance to the eCommerce industry