ManagedXDR – Security Advisor

Employer: Secureworks
Domain:
  • Engineering
  • IT Software
  • Telecommunication
  • Job type: full-time
    Job level: 1 - 5 years of experience
    Location:
  • BUCHAREST
  • nationwide
    Updated at: 03.12.2021
    Short company description

    Secureworks® (NASDAQ: SCWX) is a global cybersecurity leader that protects customer progress with Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

    We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

    Requirements

    Secureworks® (NASDAQ: SCWX) is a global cybersecurity leader that protects customer progress with Secureworks® Taegis™, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

    We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

    Role Overview

    Be part of an exciting team that deals with bleeding-edge information security attacks, malware infections, and incident response situations on a daily basis. Protecting our clients from threat actors attempting to compromise their environments.

    Working as an Advisor in a security operations center environment with other security and networking professionals, you will extend your currently existing network and endpoint security investigation analysis skillset through identification, assessment, review and authoring of incident reports in a variety of client environments. You will actively investigate threat actor activity, malware infections, living off the land attacks, as well as a variety of other security incidents and provide clients with the impact of the threat, your assessment of the incident, as well as recommendations.

    Requirements

    Experience, Skills and Abilities

    Good experience with and excellent understanding of:
    - Security mechanism build within Operating systems
    - Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.)
    - Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.)
    - Experience with and strong understanding of:
    - Performing both endpoint and network-based investigations
    - Reviewing logs to identify evidence of past intrusions
    - Pivot off indicators within networks to identify the scope and breadth of attacks
    - Malware and exploit kit functionality
    - Operating system and application exploits
    - Lateral movement, living-off-the-land, and persistence establishment mechanisms
    - Detection of anomalous system activity
    - Skills and/or abilities required to perform the essential functions of the job
    - Strong technical communication skills, both written and verbal
    - Attention to detail and great organizational and time management skills
    - Excellent problem-solving skills that would allow for the ability to diagnose and troubleshoot technical issues
    - Client-focused with a passion for delivering service excellence
    - Communication - The ability to make himself well understood by others through the capacity to clearly and convincing express his point of view, to actively listen and control the conversation flow)
    - Strong sense of urgency and ability to work under pressure
    - Possess high standard of integrity and confidentiality

    Education/Experience
    3-5 years of relevant experience or equivalent combination of education and work experience:
    - Completion of a Bachelor’s degree or equivalent program in Computer Science, Network Security, Information Security or other applicable field and 3-5 years of work experience in the field

    Preferred Certifications
    - One or more Industry certification from vendors such as: ISC2, GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Unix, Microsoft, Oracle, etc. (eg:GSEC, GCIA, GCIH, GCFA/GCFE, CEH, OSCP, eLearn THP or similar certification preferred)
    Language

    - English - Very strong verbal and written skills

    Responsibilities

    - Review security-related events and assess their risk and validity based on available telemetry from network, endpoint, and global threat intelligence information in order to provide clients with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations
    - Provide customers with understandable context around their security environment and threats
    - Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value
    - Work with client and internal SecureWorks incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents
    - Provide mentorship to SecureWorks team members and clients on security strategy, tactics, techniques, and procedures
    - Use the Secureworks platform to proactivity hunt for and investigate activity within the client environment
    - Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of indicators of compromise
    - Provide support for all other teams involved in the delivery of the service whenever they have questions or requests from clients about specific investigations/alerts/chat/tickets.
    - Provide feedback on flows/processes/tools issues and reported them according to internal processes.

    Other info

    Here are more reasons to join our team!

    Take a look at what we offer and feel free to reach out to us for more details!

    - Development programs and cybersecurity training/ certifications – because we grow together.
    - Internal Career Progression Plan for top performers - we encourage you to follow internal opportunities.
    - Regular workshops – we are the largest community of cybersecurity experts and we enjoy sharing our best practices during our Communities of Practice and to our trainees.
    - Work from home policy – your time matters.
    - Medical and Dental subscription – flexible package and you can include your family members.
    - Life Insurance.
    - Annual Performance Bonus.
    - Meal tickets.

    Why work with us?

    Secureworks, a Dell Technologies company, is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, colour, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics.