About the role
Based in our Cyber Security Operations Centre, this role focuses on the deployment and implementation of security monitoring and detection technologies across Redscan’s ThreatDetect client base. It involves deploying, managing, monitoring and securing these systems, and performing routine maintenance to keep them in optimum health.
- Provide any support required to implement automation or tuning requests
- Ensure our SOC team has all the required training to leverage the detection technologies appropriately
- Collaborate with pre-sales to determine which technology to use for any given opportunity
- Coordinate the configuration and production of all required reports from detection technologies
- Report on platform health and performance
- Work with the project team to handle the technical aspects of onboarding
- Set up clients on our platform, CyberOps
- Identify gaps between the information requested at pre-sales and what is actually required
- Perform asset discovery with the client
- Learn about technologies that we don’t yet manage but which form part of the service; Azure and AWS are good examples
- Implement appropriate data source collectors
- Confirm that the data sources are being received
- Tune the data collection to ensure it is in line with our security knowledge and, if applicable, the security posture of the client
- Document the onboarding process
- Manage the integration of additional data sources
- Capture, develop, test and implement custom rule requests
- Manage the process of integrating an additional site/environment
- Provide any support the SOC needs to fulfil a log data request
- Undertake any follow-up work required on the detection technologies based on report findings, e.g. additional log sources or custom rule creation
- Manage all faults related to the detection technologies
- Deploy and configure the VS technology
- Configure the required scans
- Provide the SOC with any training required for the VS technology
- Provide support for custom data reporting requests
Skills and experience
- Must have administration experience with a leading SIEM, EDR or equivalent security platform, for example AlienVault, Carbon Black, LogRhythm (strong preference), CrowdStrike, Darktrace or Qualys.
- Experience with security and network technologies (firewalls, switches, antivirus, cryptography, etc.)
- Understanding of information security concepts, standards and practices, including but not limited to firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring, log management and event monitoring/reporting.
- Strong understanding of TCP/IP, subnetting, routing, access control lists, firewalls, VPN, NAT and network traffic analysis.
- Strong organisational skills and an ability to attend to and prioritise projects.
- Ability to relay complex technical subject matter to non-technical decision makers.
- Demonstrable analytical and technical aptitude, with a focus on identifying and addressing the root cause of issues.
- Proven ability to thrive under frequent demands from multiple constituents, both internal and external, in a high-demand, customer-centric environment.
Qualifications and experience
- Preferred professional certifications include: CCNP, CISSP, SSCP, CEH, GIAC, Security+, OSCP, CRT.
- Bachelor’s degree in Information Systems or Computer Science preferred.
- Experience with information technology security.
- Excellent communication skills and experience working in a collaborative environment.
- Experience deploying and implementing security monitoring technologies.