Login for faster access to the best deals. Click here if you don't have an account.

Security Operations Center Engineer Full-time Job

7 months ago Customer Services Broomfield   148 views
Job Details
The Role

Federal SOC Information Security Engineers will provide monitoring, triage, and escalation support for internal Federal SOC and External Customer operations. The SOC Information Security Engineers will work shifts to provide 24x7x365 coverage. SOC Information Security Engineers will work in tandem with other Information Security Engineers in the Global SOC and Federal NOC Organizations.

The Main Responsibilities
  • Review Global SOC Shift end Summary and SOC activity logs, emails, tickets, cases and other monitoring tools for complete understanding of previous shift activities and incidents with the goal of maintaining the highest level of customer service by keeping track of the critical customer impacting issue.
  • Provide monitoring and responding to alerts and events within SLAs. Services and systems include but not limited to Splunk (internal/external SIEM), DDOS- Distributed Denial of Services mitigation, Firewalls alerts (MTIPS and MSS), TrendMicro Anti Virus, Tripwire File Integrity Checks, IDS/IPS for customers.
  • Monitor multiple ticketing systems and queues. Ensure tickets are created and notated within SLAs
  • Login to phone call queues to answer both internal and external calls
  • Triage DDOS attacks targeted on Federal Customers.
  • Work closely with FedNOC, the Federal SOC Tier II and Ops Eng teams
  • Escalate issues to Vendors, SOC Tier II and Ops Engineers as soon as there is a need
  • Adhere to all defined processes and procedures.
  • Provide process and operational improvement suggestions. 

Competency requirements

  • Performs a long-term project leadership role working towards the development of new solutions, processes, tools, systems that have company-wide and possibly industry-wide impacts.
  • Frequent contact with senior leadership of customers and contractors for the purpose of creating and presenting innovative long-term solutions and managing key relationships. Acts as a resource within the engineering and scientific communities to develop solutions or handle the most complex tasks for which existing methods and procedures may not apply.
  • Provides consultation and advice to Federal customers, engineers and management regarding work functions, processes, methods, procedures, and tools. Develops and delivers technical and process training, including, documentation in areas of expertise and innovative areas of technology.
What We Look For in a Candidate
  • Have three years operational experience with 3 or more of the following security components.
    • Tripwire, TrendMicro, WebInspect, Tennable Nessus and Qualys vulnerability scanners, Splunk, Secure Log Management, Firewalls, Intrusion Detection.
  • Demonstrate a curiosity and a security threat hunting mindset.
  • Deal with work coming from diverse sources.
  • Diagnose Trip Wire Events, Trend Micro Events, System Events, Network Events from 4 Supported Environments with dissimilar architecture.
  • Access systems and restart security application agents.
  • Perform Gemalto Token PIN Provisioning, Repair, Revocation, re-provisioning, PIN change, Reset for internal and external Federal Customers.
  • Perform PIN and Token Tests to ascertain Gemalto MFA functionality is working properly.
  • Create multi-factor authentication (MFA) reports.
  • Perform MFA Token migration between servers.
  • Perform user verification in AD Systems as part of user authentication troubleshooting
  • Manually perform MFA systems checks to ascertain operational status.
  • Isolate trouble to a system by process of elimination.
  • Assemble and direct SWAT teams for Network wide Events.
  • Isolate BGP alerts and instruct the Federal NOC, IPSS, Strat Gov to follow-up on CPE or Circuit Issues.
  • Run searches in Splunk Search Heads.
  • Review alerts and reports in Splunk
  • Restart scheduled FISMA and STIGaaS Compliance vulnerability Scan or run adhoc Vulnerability Scans.
  • Respond to CDM (Continuous Diagnostics and Mitigation) Events.
  • Perform Analytics on events from customer networks per CDM Framework.
  • Take inbound call and work Ticket Queue for internal and external customers.
  • Manage Perimeter Fortigates and Palo Alto Firewalls in MTIPS, FEDRAMP Gov CCC, Palo Alto with IPS.
  • Resolve Customer Firewall Operations related changes and tickets.
  • Notify the CenturyLink FedNOC of a customer Low category event.
  • Notify the CenturyLink FedNOC of a customer Medium category event.
  • Notify the End User Federal Agency (EUA), and then the CenturyLink FedNOC, of a customer High Category Event.
Company Description
CenturyLink (NYSE: CTL) is a technology leader delivering hybrid networking, cloud connectivity, and security solutions to customers located in more than 60 countries. Through its extensive global fiber network, CenturyLink provides secure and reliable services to meet the growing digital demands of businesses and consumers. CenturyLink strives to be the trusted connection to the networked world and is focused on delivering technology that enhances the customer experience.