Senior Threat Detection and Response Engineer
Direct Hire or Contract to Perm
$97K – $125K + 10% bonus
100% remote now, future – 2-3 days onsite per week as needed
We are searching for a Threat Detection & Response (TDR) Analyst that will join the Security Operations Center (SOC) and respond to cyber threats facing our networks, systems, and information assets. The TDR Analyst is engaged throughout the incident lifecycle from escalation to resolution and acts by collecting and analyzing threat intelligence, performing security monitoring activities, taking appropriate action based on exposure, and reporting recommendations to leadership. This position reports to the Senior Manager of Threat Detection and Response
Successful candidates will demonstrate a strong business acumen and possess a blend of general business, technology, and security competencies. This is a unique opportunity to work for a telecommunications company protecting national critical infrastructure.
- Detect and respond to workstation, server and network incidents using SIEM, behavioral analytics, and network analysis to promptly detect and mitigate the impact of cyber incidents.
- Track, respond, and document cybersecurity incidents in a consistent and well-organized manner from detection through resolution.
- Perform analysis of log files from a variety of sources (e.g., Windows or Linux hosts, network traffic, firewalls, intrusion detection system [IDS] logs, or application logs) to identify potential threats to the environment.
- Perform incident triage, to include scope, urgency, and potential impact, making recommendations that enable expeditious remediation.
- Review and respond to questions and escalated security events from Tier I analysts.
- Stay current with the latest trends in threat intelligence, security monitoring and incident response.
- Collect and review intelligence data from relevant sources including subscription and open-source feeds.
- Create and monitor reference sets across different applications to support threat hunting and monitoring.
- Develop ad-hoc scripts to extend capabilities and complete tasks-at-hand.
- Four or more years of technical experience in the Information Security field.
- Experience with Log Management/SIEM tools (e.g., Arcsight, IBM/Qradar, Splunk, Mcafee/Nitro, ELK, LogRythm, others)
- Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Strong experience triaging security events using a variety of tools including SIEM/SOAR/XDR in a security operations environment.
- Experience with network traffic, firewalls, ID, proxies, antivirus, mail, and spyware solutions.
- Cloud experience with AWS and/or Azure environments.
- Intermediate to advanced programming/scripting language experience, such as PowerShell, Python, or Bash.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles.
- Strong understanding of malware analysis concepts and methodologies.
- Proficiency with common cybersecurity frameworks and regulatory requirements like MITRE ATT&CK, Kill Chain, OWASP.
- Strong process execution, time management and organizational skills.
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- BS in Computer Science, Information Systems, Engineering.
- Experience with endpoint security agents like Carbon Black or CrowdStrike.
- Experience with network forensics and associated toolsets, (Suricata, WireShark, PCAP, tcpdump) and analysis techniques.
- Experience with host-based detection and prevention suites like Microsoft SCEP or OSSEC.
- Experience navigating and working in hybrid cloud environments.
- Understanding of log collection and aggregation techniques, Elastic Search, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding (WEF).
- SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN are preferred, but not required.
For immediate consideration please contact Denise Wicks at DWicks@SynergisIT.com or call 770-346-7205.
Synergis serves a myriad of clients across nearly all industries, from start-ups to Fortune 100 companies. The outcomes of these relationships are demonstrated in a growing list of more than 300 clients and industry recognition by Inc. magazine and the Atlanta Business Chronicle. From its foundation in 1997, Synergis has been successfully recruiting and placing IT professionals in all areas of information technology. Synergis has been successfully recruiting and placing IT professionals for over 20 years. For more information about Synergis, please visit the company website at www.synergishr.com.
Synergis is an Equal Opportunity/Affirmative Action employer.
Apply with Github Apply with Linkedin Apply with Indeed