SOC 3

Toronto, ON

This is an exciting opportunity for talented, energetic individuals to join a practice that is experiencing significant growth. We are looking for candidates who have demonstrated academic, business, and technical excellence, with strong all-around capabilities and a great cultural fit. Individuals who thrive in a dynamic, fluid, and entrepreneurial environment will excel and find a wide range of opportunities within our growing practice. This is an excellent opportunity for those seeking a firm with great career progression opportunities and the chance to be part of building a premier cyber consulting team.

Value to the Team: You will bring a wealth of practical experience to the team, particularly in cybersecurity and incident response. Your proficiency in Azure Sentinel, combined with expertise in KQL queries and threat use-case logic, positions you as a valuable asset. You are well-versed in playbook automation, skilled in crafting effective threat-hunting queries, and familiar with EDR/XDR toolsets. Additionally, your background includes hands-on experience in tabletop exercises and collaboration with CSIRT teams. Please note that this role may involve off-hours shift coverage, rotations, or on-call duties.

Responsibilities: In this role, you will:

  • Serve as the primary point of contact during high-severity incidents, ensuring swift containment and resolution in collaboration with the CSIRT team.
  • Assess escalated issues from L2 SOC analysts to determine increased risk to the business.
  • Review log data against security technology rules, proposing enhancements to threat detection.
  • Collaborate with SIEM Engineers to fine-tune security events and improve alert detection rates.
  • Develop and maintain incident response playbooks, identifying areas for improvement and suggesting task automation.
  • Work closely with CTI teams to enhance our threat detection, suggesting threat use case development based on Tactics, Techniques, and Procedures (TTPs).
  • Analyze critical events and security tickets to evaluate the effectiveness of incident management processes and suggest improvement plans.
  • Stay updated on security threats, countermeasures, security tools, and advancements in Cloud Security and SaaS technologies.
  • Track incidents against frameworks such as SANS and MITRE ATT&CK.
  • Provide technical and thought leadership within the SOC, guiding and mentoring other analysts.

Skills:

  • Over 7 years of highly technical experience in a SOC environment.
  • Relevant certifications such as CISSP, CISM, SANS, CISA, CompTIA Security+, CompTIA CySA+, or GIAC.
  • Hands-on experience with Microsoft Sentinel or other SIEM and SOAR technologies.
  • Proficient in Microsoft Defender for Endpoint, CSPM/CWP, or similar technologies, with a focus on vulnerability assessment and recommendation.
  • Experience in malware analysis and reverse engineering.
  • Business development expertise, including research, analysis, and proposal writing.
  • Evaluation of control frameworks, risk assessment, and opportunities for enhancement.
  • Knowledge of enterprise asset lifecycle management, including patch management, vulnerability management, security architecture, and endpoint management.
  • Expertise in cloud transformation, architecture, and security operations.
  • Leadership experience in managing complex projects.
  • Strong communication skills, effectively presenting strategies, solutions, and insights to stakeholders.
  • Experience in a leadership role, providing mentorship and knowledge sharing to the team and junior/intermediate analysts.
