Network Security Sr. Advisor - SecureWorks
SecureWorks is a global leader in providing intelligence-driven information security solutions. We play an important role, as no organization in the world is immune from cyberattacks and the nature of the attack is changing every day. Internet security is a problem that will never be solved. Unlike point products that address a specific technology issue, we attack the problem holistically by analyzing threat actor tactics, techniques and procedures, and develop solutions using best-of-breed technologies to protect our clients. We are one of the best in the world at understanding the threat. In short, we give our clients an early warning capability. SecureWorks was founded in 1999 and is headquartered in Atlanta, Ga., with offices in all the major security markets around the globe. We have more than 2,000 team members, and partner with more than 4,200 clients in 59 countries to keep the bad guys out of their networks. We’ve been consistently recognized by industry analysts, readers’ polls and as a leader in the Gartner Magic Quadrant for managed security services, worldwide.
Be part of an exciting team that deals with bleeding-edge information security attacks, malware infections, and incident response situations on a daily basis!
Working as a Cyber Threat Analysis Center (CTAC) Senior Intrusion Analyst in a 24x7x365 operations center environment with other security and networking professionals, you will extend your existing network and endpoint forensic analysis skillset through identification, assessment, review and authoring of incident reports in a variety of client environments. You will actively investigate malware infections, living-off-the-land attacks, as well as a variety of other security incidents and provide clients with the impact of the threat, your assessment of the incident, as well as recommendations.
- Review security-related events and assess their risk and validity based on available network, endpoint, and global threat intelligence information in order to provide clients with concise, detailed, and well-written incident reports, root cause identification, and remediation recommendations
- Provide customers with understandable context around their security environment and threats
- Interface with clients to address their issues, concerns, and questions, and drive to satisfactory closure any issues that impact the service and its value
- Work with client and internal Dell SecureWorks incident response teams to resolve ongoing intrusions, malware outbreaks, and other security incidents
- Use experience gained during incident investigations as well as malware and exploit analysis to contribute to the development of endpoint-based indicators of compromise
- Provide mentorship to Dell SecureWorks team members and clients on security strategy, tactics, techniques, and procedures
As a managed security provider, SecureWorks expects its employees to understand and apply commonly known security practices and possess a working knowledge of applicable industry controls such as NIST 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and execute general controls as assigned.
- Significant experience with and expert understanding of:
o Two (2) or more of the following operating systems (Windows, Linux, Mac OS) at a filesystem level
o Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.)
o Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.)
- Experience with and strong understanding of:
o Malware and exploit kit functionality
o Operating system and application exploits
o Lateral movement, living-off-the-land, and persistence establishment mechanisms
o Detection of anomalous system activity
o Incident response and incident handling processes
- Strong technical communication skills, both written and verbal
- Attention to detail and great organizational and time management skills
- Excellent problem-solving skills, with the ability to diagnose and troubleshoot technical issues
- Client-focused with a passion for delivering service excellence
- Courage and willingness to challenge conventional wisdom
- Ability to research and characterize security threats including creating appropriate countermeasures
- 8 to 10 years of relevant experience or equivalent combination of education and work experience:
o Completion of a Master’s degree or equivalent program in Computer Science, Network Security, Information Security, or other applicable field and 2-4 years of work experience/research in the field
o Completion of a Bachelor’s degree or equivalent program in Computer Science, Network Security, Information Security or other applicable field and 4-6 years of work experience in the field
- GCIA, GWAPT, GCIH, GCFA/GCFE, GREM, OSCP/OSCE or similar certification preferred
- Experience in one or more of the following:
o Penetration testing
o Malware reverse engineering
o Vulnerability discovery and assessment
o Digital forensics
- Demonstrated track record of identifying and pursuing strategic and complex areas of security research in collaboration with internal and external stakeholders at all levels, to include defining appropriate policies, practices, and countermeasures
- Host-based security tools (e.g. EnCase, FTK, etc.)
- Network-based security tools (e.g. tcpdump, wireshark, etc.)
- Malware analysis sandboxes and tools (e.g. Cuckoo, etc.)
- Experience with one or more of the following platforms:
o Carbon Black, Lastline, FireEye, RSA ECAT, etc.
- Regular expressions
- Database structures and queries
This position is located in Atlanta, GA.
SecureWorks is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: SecureWorks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at SecureWorks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. SecureWorks will not tolerate discrimination or harassment based on any of these characteristics. SecureWorks encourages applicants of all ages.
**Job:** *Network Security - Infrastructure Design and Management*
**Organization:** *Security Solutions*
**Title:** *Network Security Advisor - SecureWorks*
**Requisition ID:** *1700009F*