Principal Security Operations Analyst at Motorola Solutions
If you are a current Motorola Solutions employee, please click this link to apply through your Workday account.Company Overview
At Motorola Solutions, we create technologies our customers refer to as their lifeline. Our technology platforms in communications, software, video and services help our customers work safely and more efficiently. Whether it’s helping firefighters see through smoke, enabling police officers to see around street corners, or reliably keeping the lights on in homes and businesses around the world, our work supports those who put their lives on the line to keep us safe. Bring your passion, potential and talents to Motorola Solutions, and help us usher in a new era in public safety and security.
Department OverviewOur team is growing in Salt Lake City, Seattle and Chicago, and we are looking for a Security Operations Analyst to join the Cloud Infrastructure Engineering (CIE) team, in the Motorola Solutions Software Enterprise business unit. The team you would be joining hosts and manages the suite of public safety SaaS applications known as CommandCentral (see https://www.motorolasolutions.com/en_us/products/command-center-software.html ).
As a security operations specialist in CIE, you will be part of a team that is responsible for the security of mission critical systems that are used everyday by public safety and government agencies across multiple countries. In this role, you will also be working on a world-class team that uses state of the art technologies and techniques. Your efforts will help to shape engineering culture and standards across our software product organization.
Your main responsibility will be to ensure that the systems that we deploy are being properly monitored. You will work closely with application developers and platform engineers to understand the components in the system and the logs they generate. You will support the MSI 24x7 SOC during application onboarding and incident investigations.
You will monitor alerts from Azure Advanced Threat Protection (ATP), Twistlock Runtime Defenders, and other sources of alerts, triage the alerts and coordinate necessary remediations.
Understand system components in the CommandCentral SaaS and the logs they produce.
Identify specific log records needed to detect security events and create alerts based on those identified records.
Work with application development teams to ensure security events are being properly logged and identifiable as security events.
Design, hold and participate in game day exercises with simulated incidents.
Train SOC monitoring personal on basic alert triage techniques.
Perform threat hunting using the SIEM, IDS, Azure Security Center and other tools.
Investigating indicators of compromise.
Performing triage on alerts by by pulling in system subject matter experts to determine the alert criticality and scope of impact.
Work with other members of the cybersecurity team, the cloud infrastructure engineering team and applications development teams to understand the full impact of detected security events.
Support forensic analysis by providing information regarding logged network activity, access to storage accounts and other events of interest.
Good interpersonal skills and ability to collaborate with a variety of work partners including developers, product management, tech support, legal, and senior management.
3 years experience working as an analyst in a security operations center, including hands-on experience working with commercial SIEM products (such as Splunk, Arcsight, or QRadar).
A Minimum of 5 years of experience administering or monitoring both Linux and Windows systems. Strong familiarity with Linux is required.
Strong familiarity with using Elasticsearch/Kibana
Strong familiarity with cyber security concepts, common attack vectors and threat hunting techniques.
Familiar with the security logs generated by Linux, Kubernetes, Docker, Web Application Firewalls, and IDS/IPS systems.
Strong scripting experience.
Strong familiarity with the functions of a WAF and IDS.
Strong familiarity with incident response planning and Incident response best practices.
Familiar with modern web based application design and application security principles.
Familiarity with IP network concepts. NOC experience is a plus.
Familiarity with Identity Management OAuth, OpenID Connect and PingFed is a plus.
The following certificates are a plus, CISSP, CCSP, GCIA, GCIH, GCFA, or GCFE
Must be a U.S. citizen with the ability to obtain necessary security clearance as required by government contracts. Some contracts may have higher-level clearance requirements.
5+ years of hands-on experience with managing, and monitoring both linux and Windows servers in cloud environments like Azure and AWS
3+ years of experience with SIEM products
High school diploma
Travel RequirementsUnder 10%
Referral Payment PlanYes
Motorola Solutions is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran's status, or, any other protected characteristic.