SOC L3 (INCIDENT RESPONDER) - REMOTE

KMC Work Location: OFFSITE

Location: Taguig City, Metro Manila

Date Posted: 2022-09-01

Hiring Organization: KMC Solutions | XTN-3409413

Career Category: Network /System / Database Administration

Salary: ₱140,000.00 - ₱160,000.00

The Purpose Driven Career Objectives of a Network /System / Database Administration at KMC:

Nuspire is a leading managed security services provider (MSSP) founded over 20 years ago to revolutionize the cybersecurity experience by taking an optimistic and people-first approach. Our deep bench of cybersecurity experts uses world-class threat intelligence as part of a Fusion Center to detect, respond, and remediate advanced cyber threats.

Position Description:

The L3 Incident Responder performs in-depth computer security investigations and carries out the required actions per the documented incident response lifecycle. This position requires advanced knowledge in areas including security threats and tools, incident investigation, operating systems, and networking.

As an L3 Incident Responder, you will be responsible for monitoring, detecting and responding to security events and incidents and for determining their root cause. You will be expected to function as a subject matter expert across multiple security domains and help mentor and coach L1 and L2 incident handlers on investigative techniques and investigation processes. You will gain technical knowledge across attack scenarios and gain experience across multiple security and technology platforms. This opportunity is in a 24x7x365 environment, requiring availability for all shifts including nights, weekends and holidays.

To apply for Network /System / Database Administration, you are excellent at:

  • Conducting triage/categorization of potential Events and Incidents
  • Conducting initial evidence collection, case creation, and coordination/hand-off to other teams as necessary
  • Conducting full investigations
  • Assisting senior leadership in determining critical incidents
  • Responding in a timely manner (within the documented SLA and Run Book) to support tickets
  • Contributing to Incident Handling documentation such as standard operating procedures, playbooks, briefings and executive reports
  • Utilizing SIEM for detection and investigation of security events and incidents
  • Utilizing case management tools to document and track investigations
  • Performing threat mitigation as required
  • Such other tasks as may be assigned by the EMPLOYER and/or Client that are analogous to the foregoing

Your Success Profile includes:

  • At least 5-10 years of security experience
  • Advanced incident investigation and response experience
  • Advanced knowledge of networking concepts (TCP/IP, Routing, Switching)
  • Advanced knowledge of network defenses such as firewalls, IDS/IPS, Proxies
  • Advanced experience with scripting
  • Advanced knowledge of operating systems such as Windows, Linux, Mac, Unix
  • Advanced knowledge of common attack vectors
  • Advanced experience working in SIEM and EDR platforms
  • Moderate knowledge of audit requirements and controls (PCI, HIPAA, SOX, etc.)

Preferred Skills:

  • The ability to review packets with tools such as Wireshark and tcpdump
  • Advanced understanding of the TCP/IP packet framework
  • Advanced understanding of MITRE ATT&CK and Cyber Kill Chain frameworks
  • Ethical hacking/penetration testing experience
  • An attacker mindset
  • Moderate understanding of different cryptographic algorithms
  • Experience in detection and response positions where isolation and containment procedures were used
  • The ability to explain technical security events to non-technical audiences
  • Understanding of cyber fraud and its attack vectors

Education/Certifications/Training Required:

  • Bachelor's Degree in Computer Science, Information Security Assurance, or equivalent experience

Education/Certifications/Training Preferred:

  • GIAC, GCIH, GMON, OSCP, CEH, CEPT
  • CCNA, CCNP
  • CISSP