SOC Technical Lead
Discover. A more rewarding way to work.At Discover Financial Services, you’ll find yourself in the company of some of the industry’s smartest and most reliable professionals. And at a company that rewards dedication, values innovation and supports growth.Thrive in an environment that promotes teamwork and shared success. Build on a foundation of mutual respect. Join the company that understands rewarding careers like no other, with this exceptional opportunity:
The Discover Cyber Security Monitoring team is looking for experienced and qualified security professional to join our ranks. Our team serves alongside others in Cyber Security as experts in the detection and analysis of all technology-related security incidents. Our primary mission is the timely and accurate identification of cyber security incidents to maintain a safe and secure environment for our business, employees, and customers. We accomplish this goal through expert analysis of events and threats utilizing leading enterprise-grade security solutions and strong execution of our incident handling processes to deliver timely cyber security incident response.We’re looking for a talented, self-motivated professional with a strong passion for information security– and a burning desire to learn. We’re interested in people who enjoy being challenged on a daily basis to stay one step ahead of an ever-changing landscape of threats and adversaries. As a technical lead, this individual must have strong leadership qualities to act as a mentor and help support the advancement of the team. ***Please note that this role will be a 2nd shift work schedule***
- Act as a shift technical lead that oversees the daily SOC operations
- Assist and guide analysis when working high priority/visibility incidents or special requests
- Provide Feedback to Management on issues that could potential impact the SOC’s operation.
- Conducts malware analysis, identifying indicators of compromise, and knowledge of reverse engineering techniques.
- Monitoring of events & alerts from a multitude of technologies to detect malicious activity
- Detailed analysis using a variety of tools and techniques to investigate, navigate, correlate and understand security incidents to the fullest extent of the data available
- Data mining of log sources to uncover and investigate anomalous activity, along with related items of interest
- Maintaining documentation of policies and procedures
- Proper escalation and hand-off of security incidents for containment and remediation
- Routinely evaluate the overall effectiveness of active alerts
- Tuning of rules, filters and policies for detection-related security technologies to improve accuracy and visibility
- Promote a risk-aware culture, ensure efficient and effective risk and compliance management practices by adhering to required standards and processes.
- 5+ years of experience in Information Security, Incident Response, or related field
- Advanced knowledge of common operating systems (Windows, Linux, etc.) and basic endpoint security principles
- In-depth understanding of common networking services and protocols (TCP/IP, SSH, FTP, DNS, DHCP, SMTP, SSL, etc.)
- Expert knowledge of common security technologies (IDS, Firewall, SIEM, etc.)
- Experience utilizing forensic tools and techniques (Encase, FTK, etc.)
- Exceptional organizational abilities and attention to detail
- The ability to think creatively to find elegant solutions to complex problems
- Excellent verbal and written communication skills
- The desire to work both independently and collaboratively with a larger team
- A willingness to be challenged along with a strong appetite for learning
- Prior experience detecting, analyzing and/or responding to security incidents
- Demonstrated ability to analyze and correlate information from a wide variety of enterprise technologies
- In-depth understanding of common security threats, attack methodologies, vulnerabilities and exploits
- Programming experience (Python, Perl, etc.)
- Knowledge of regular expressions
- CompTIA Network+/Security+, CISSP, GIAC (GCIA, GCIH, GWAPT, GPEN, GREM, etc.), OSCP, CEH, etc.
#LI-KE We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.