Dell – Atlanta, GA
Network Security Advisor – SecureWorks-17000OA4
Network Security Sr. Advisor – SecureWorks
SecureWorks is a global leader in providing intelligence-driven information security solutions. We play an important role, as no organization in the world is immune from cyberattacks and the nature of the attack is changing every day. Internet security is a problem that will never be solved. Unlike point products that address a specific technology issue, we attack the problem holistically by analyzing threat actor tactics, techniques and procedures, and develop solutions using best-of-breed technologies to protect our clients. We are one of the best in the world at understanding the threat. In short, we give our clients an early warning capability. SecureWorks was founded in 1999 and is headquartered in Atlanta, Ga., with offices in all the major security markets around the globe. We have more than 2,000 team members, and partner with more than 4,200 clients in 59 countries to keep the bad guys out of their networks. We’ve been consistently recognized by industry analysts and readers’ polls, and as a leader in the Gartner Magic Quadrant for managed security services, worldwide.
Be part of an exciting team that deals with bleeding-edge information security attacks, malware infections, and incident response situations on a daily basis!
Working as a Cyber Threat Analysis Center (CTAC) Senior Intrusion Analyst in a 24x7x365 operations center environment with other security and networking professionals, you will extend your existing network and endpoint forensic analysis skillset through identification, assessment, review and authoring of incident reports in a variety of client environments. You will actively investigate malware infections, living-off-the-land attacks, and a variety of other security incidents, and provide clients with the impact of the threat, your assessment of the incident, and recommendations.
Review security-related events and assess their risk and validity based on available network, endpoint, and global threat intelligence information in order to provide clients with concise, detailed, and well-written incident reports, root cause identification, and remediation recommendations
Provide customers with understandable context around their security environment and threats
Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value
Work with client and internal Dell SecureWorks incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents
Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of endpoint-based indicators of compromise
Provide mentorship to Dell SecureWorks team members and clients on security strategy, tactics, techniques, and procedures
As a managed security provider, SecureWorks expects its employees to understand and apply commonly known security practices and possess a working knowledge of applicable industry controls such as NIST 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and execute general controls as assigned.
Significant experience with and expert understanding of:
o Two (2) or more of the following operating systems (Windows, Linux, Mac OS) at a filesystem level
o Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.)
o Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.)
Experience with and strong understanding of:
o Malware and exploit kit functionality
o Operating system and application exploits
o Lateral movement, living-off-the-land, and persistence establishment mechanisms
o Detection of anomalous system activity
o Incident response and incident handling processes
Strong technical communication skills, both written and verbal
Attention to detail and great organizational and time management skills
Excellent problem-solving skills, with the ability to diagnose and troubleshoot technical issues
Client-focused with a passion for delivering service excellence
Courage and willingness to challenge conventional wisdom
Ability to research and characterize security threats including creating appropriate countermeasures
8 to 10 years of relevant experience or equivalent combination of education and work experience:
o Completion of a Master’s degree or equivalent program in Computer Science, Network Security, Information Security, or other applicable field and 2-4 years of work experience/research in the field
o Completion of a Bachelor’s degree or equivalent program in Computer Science, Network Security, Information Security or other applicable field and 4-6 years of work experience in the field
GCIA, GWAPT, GCIH, GCFA/GCFE, GREM, OSCP/OSCE or similar certification preferred
Experience in one or more of the following:
o Penetration testing
o Malware reverse engineering
o Vulnerability discovery and assessment
o Digital forensics
Demonstrated track record of identifying and pursuing strategic and complex areas of security research in collaboration with internal and external stakeholders at all levels, to include defining appropriate policies, practices, and countermeasures
Host-based security tools (e.g. EnCase, FTK, etc.)
Network-based security tools (e.g. tcpdump, Wireshark, etc.)
Malware analysis sandboxes and tools (e.g. Cuckoo, etc.)
Experience with one or more of the following platforms:
o Carbon Black, Lastline, FireEye, RSA ECAT, etc.
Database structures and queries
This position is located in Atlanta, GA.
SecureWorks is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity and/or expression, national origin, protected veteran status, disability, genetics, or citizenship status (when otherwise legally authorized to work) and will not be discriminated against on the basis of such characteristics or any other status protected by the laws or regulations in the locations where we operate. SecureWorks encourages applicants of all ages.
Network Security – Infrastructure Design and Management