Jr. Cyber Security Engineer with Python Scripting Experience

Remote Full-time
About the position

Responsibilities
• Provide near real-time security monitoring in a 24x7 environment using a proprietary SIEM and cybersecurity tools.
• Perform near real-time monitoring of alerts and escalate critical alerts in compliance with service level agreements.
• Detect security incidents and analyze threats for complex and/or escalated security events.
• Respond to customer Requests For Information using Linux command line skills to query raw logs for Indicators of Compromise (IOCs).
• Develop internal and/or external documentation, such as detailed procedures, playbooks, and runbooks.
• Perform level 2 assessment of incoming alerts and coordinate with tier III for critical priority incidents if necessary.
• Perform incident response activities utilizing customer SIEM and cybersecurity toolkits.
• Assist with quality control during onboarding of new customers to verify validity of Use Cases and generated alerts.

Requirements
• Ability to obtain GSA Public Trust clearance.
• At least three years of experience in security-related fields including prior SOC experience.
• Ability to communicate clearly and concisely in written and oral English.
• Experience using a supported Security Incident Event Management (SIEM) for analytics.
• Knowledgeable with scripting, parsing, and query development in enterprise SIEM solutions.
• Experience in tuning use cases & content, driven from day to day optimizations, with understanding of best practices to ensure adjustments do not cause false negatives.
• Experience with documenting processes and procedures as well as training team members on processes and procedures.
• Exceptional problem solving skills.
• Ability to drive process improvements and identify gaps.
• Proactive in engaging with customers and management teams.
• Thorough understanding of threat landscape and indicators of compromise.
• Experience with incident response techniques related to network forensic analysis.
• Experience investigating security incidents with SIEMs, use case development/tuning, and understanding of incident response.
• Experience with IPS including analyzing alerts generated by the inspection with consideration to how signatures are written, and how to identify false positives.
• Experience with implementing changes on next generation firewalls including firewall policy & content inspection configuration.
• Skilled with Linux command line.
• Experience with health and availability monitoring; understanding of device logging and ingestion, network troubleshooting, and device troubleshooting.

Nice-to-haves
• Scripting knowledge in Python, PowerShell, Bash Shell, Java, etc.
• Incident response experience utilizing different SIEMs and industry best practices.
• Experience with customer service and supporting service desk functions such as IAM management.