Security Operations Center Engineer, CI Group EMEA, Czech Republic, Europe or USA

Are you a skilled Security Operations Center (SOC) Engineer looking for an exciting opportunity to take your career to the next level? Our client is seeking a talented individual to join their team! As a SOC Engineer, you will play a critical role in ensuring the security and protection of our clients' data. The ideal candidate will have a strong networking background with extensive experience in security operations and incident response. You will be responsible for monitoring and responding to security incidents, conducting vulnerability assessments, and providing security guidance to our internal teams. If you are passionate about security and have a track record of success in a SOC environment, we want to hear from you!

What will be your key responsibilities:

As a SOC Engineer, you will be responsible for:

  • Incident management and incident response
  • Monitoring and responding to security events and incidents using SIEM, IDS/IPS, and other security tools
  • Creating Azure Sentinel analytics rules as per user requirements
  • Creating Azure Sentinel playbooks for threat response
  • Creating Logic Apps for automation in Azure Sentinel
  • Creating workbooks in Azure Sentinel as per requirements
  • Integrating devices with Azure Sentinel using data connectors
  • Providing access to users via PIM in Azure
  • Deploying Azure AD Identity Protection rules
  • Deploying Azure AD Conditional Access policies
  • Configuring Azure MFA policies
  • Configuring and managing Azure AD services
  • Finding root cause for incidents, making/suggesting changes to improve security measures in an organization
  • Deploying Azure VMs (Windows Server and Linux) in a highly available environment
  • Being accountable for managing web proxy settings through Proofpoint, Office ATP, and McAfee web proxy, as well as email security
  • Maintaining reliable and functional security across all environments by recommending and implementing security enhancements, testing, and validation
  • Conducting vulnerability assessments and providing remediation guidance
  • Providing security guidance to internal teams to harden the environment
  • Responding to security incidents and conducting post-incident analysis
  • Assisting in performing risk analyses and security assessments
  • Maintaining knowledge of current security trends and communicating them to the team
  • Supporting cloud and on-premise security tools and monitoring platforms
  • Providing vulnerability monitoring and patch management oversight support
  • Identifying abnormalities and reporting violations using security tools
  • Monitoring public security advisories and alerts for information related to threats and vulnerabilities
  • Strategically defining and implementing additional preventive and detective capabilities or data sources to improve telemetry.

What experience should you have:

To be considered for this role, you should have:

  • Strong networking background with expertise in security operations and incident response
  • Experience with SIEM, IDS/IPS, and other security tools
  • Experience with cloud technologies such as AWS, GCP, and/or Azure
  • Knowledge of networking protocols and technologies, including TCP/IP, BGP, OSPF, MPLS, VLAN, and VPN.
  • Experience in scripting (Bash, Python, and/or Ruby)
  • Experience in vulnerability assessments and remediation
  • Knowledge of current security trends and threat landscape
  • Ability to communicate security concepts to technical and non-technical stakeholders
  • Bachelor's degree in Computer Science, Information Security, or a related field
  • Willingness to work during US Business hours
  • Certification in network or security-related fields, such as CCNA, CCNP, CISSP, or CISM, is a plus.
  • Experience in a SOC across security analysis and security monitoring, and knowledge of Microsoft Defender for Endpoint
  • A demonstrated history of working in incident response and threat hunting
  • Hands-on experience with SIEM tools such as Microsoft Azure Sentinel and IBM QRadar, including real-time event monitoring and analysis, security monitoring and operations, DLP, and device management
  • Experience with network analysis tools such as Wireshark and with vulnerability assessment tools to gather logs on security incidents in the environment
  • Knowledge of email security threats and security controls, including experience analyzing email headers, attachments, and URLs
  • Exposure to tools like ConnectWise, JIRA, ManageEngine
  • Experience in generating daily, weekly and monthly reports
  • Experience managing security incident and event investigation activities in a Security Operations Center (SOC) environment, and developing new IT security use cases and policies for incident detection and intrusion analysis to minimize operational and organizational impact
  • Experience supporting Azure, AWS, and other cloud security tools and technologies
  • Additionally, a focus on implementing Secure Score recommendations for O365 and Azure AD
  • Experience in architecting and designing technical solutions
  • Experience using KQL for threat hunting in Sentinel and Defender ATP, and the ability to identify the right resources, subject matter experts, and stakeholders to achieve goals
  • Effective written and oral communication skills with a variety of stakeholder groups, from junior employees to senior executives
  • Must have a valid tax ID and be able to create invoices

What do you get in return:

Our team is composed of experts in their fields who are passionate about delivering high-quality work and maintaining a positive work culture. As a SOC Engineer, you will have the opportunity to make a significant impact on our company's security posture and help protect our customers' data.

  • Work remotely from anywhere in the world with a fully remote team, on a mutually agreed schedule that fits your needs (core US working hours)
  • Work primarily with US-based colleagues, providing you with the opportunity to collaborate with people from diverse backgrounds and skill sets.
  • Use your skills and expertise to make a significant impact on the security posture of our company, and help protect our customers' data from cyber threats.
  • Work in a supportive environment that values your contribution and provides you with the resources and training you need to grow in your career.
  • Enjoy a 40-hour workweek that provides you with a healthy work-life balance, and the time to pursue your personal and professional goals outside of work.