Infovision is looking for talent for a senior soc engineer position in mexico (remote).what you’ll need- experience working in cyber security operations
- thorough understanding of the threat landscape, the latest security trends, attack vectors for corporate and cloud environments, and how build detection and response tooling to identify and respond to malicious actors
- experience with building and scaling soar/siem technologies
- experience with incident detection and remediation
- strong working knowledge of threat vectors, vulnerabilities, and what anomalies to look for
- strong working knowledge of linux and/or windows logs & indicators
- one or more scripting languages to automate or build features, python, or powershell preferred.
- hands-on experience with incident response and monitoring tools, such as siem, edr, firewall management.
- excellent communication skills, especially the ability to communicate security risks in “business” rather than purely “engineering”
- strong understanding of cyber security best practices and frameworks such as nist, mitre, att&ck framework, and owasp top 10what you’ll do- in this role you will work closely with the cyber security organization to build monitoring and response tooling and processes to improve our monitoring and response capabilities
- logging - get all security relevant cloud, infrastructure and application logs parsed, and into our siem
- detection - setup detection and prevention rules and policies, poc and deploy tools that help with detection, tune/audit deployed rules/policies in security tools on true and false positives, setting up a detection framework, threat intel framework/program, ato detection program/framework etc.
- response - build plan and procedures for incident response, create playbooks to be followed, automate response, develop/deploy malware analysis tools and techniques, forensic tools and techniques to capture evidence/malware, poc and deploy tools that help with response, integrate with customer service teams and engineering teams etc.
- build security alerts & dashboards in various incident response tools. Monitor for suspicious activities/alerts in the cloud/infrastructure/application from various sources such as internal reports from employees as well as external reports such as customers/social media, vendors, partners, bug bounty programs etc., deployed/integrated security tools, data visualization tools etc.
- analyze these suspicious activities/alerts including malware analysis and forensics
- respond to security alerts and incidents, respond to novel issues and take appropriate action to remediate and resolvewe offer:- benefits above law
- competitive salaryapply here, or send to me your updated resume right to my email:javier.rivera@infovision.com