BlueVoyant is looking for a Security Operations Center (SOC) Technical Advisor / Security Engineer to help our global customers manage their IT security utilizing Microsoft solutions. You will be part of a fast-paced team that helps customers to reduce the impact of security incidents and ensures that critical business operations continue unhindered. This position is fully remote.
• Provide security and technical leadership to the SOC team and senior support in responding to and remediating security incidents using the BlueVoyant toolset.
• Provide the SOC with realistic scenarios and simulations for the purpose of advanced training, understanding, and practice, in the following areas:
o Red vs blue scenarios
o Purple teaming concepts
o Tools / capabilities exploration
• Contribute to technical strategy, draft requirements for product and engineering teams for SOC specific toolset needs.
• Contribute to technical strategy and technical thought leadership
• Deliver functional value from research in the form of queries, signatures, rules, and contextual information (knowledge base articles)
• Serve as a technical liaison on behalf of the SOC for matters involving other BlueVoyant teams
• Provide (and coordinate) the SOC with deep technical and low-level training
• Serve as the technical SOC subject matter expert (SME) supporting customers (customer facing) as well as sales and marketing
• Provide technical leadership to the SOC, as well as to BlueVoyant leadership
• Lead technically challenging projects with complex technology stacks across multiple modalities
• Conduct supplemental in-depth research into exploits and vulnerabilities that have a high likelihood of occurring within BlueVoyant customer environments
• Serve as an active participant in the security community in order to capture bleeding-edge research on exploits, vulnerabilities, and operations
• Provide technical feedback on the needs of the SOC and technical thought leadership
• Participate in the response, investigation, and resolution of security incidents
• Create knowledge base articles for handling medium and high severity incidents
• Assist in the advancement of security policies, procedures, and automation
• Develop incident response reporting and policy updates as needed
• Serve as the technical escalation point and mentor for lower-level analysts and SOC team members
• Regularly communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual
• Assist with advancing security standard operating procedures and incident response reporting.
• Excellent teamwork skills
• Hands-on experience with Microsoft Azure Sentinel, the Microsoft Threat Protection suite of security solutions (Defender ATP, Azure ATP, Office 365 ATP, Microsoft Cloud App Security), Azure Active Directory, Azure Security Center, Azure Log Analytics, the M365 suite of solutions, and other Microsoft security suites.
• Hands-on experience with the following:
o Configuring data ingestion types and data connectors
o Analytics design and configuration for the events and logs being ingested
o Developing, automating, and orchestrating tasks (playbooks) with Logic Apps triggered by specific events
o Creating incident categorization and threat management plans
o Configuring Sentinel incidents, workbooks, hunting queries, and notebooks
o Supporting ongoing development and troubleshooting of Azure Sentinel
o Advising on and developing an Azure Sentinel adoption and migration roadmap for clients
o Ability to advise customers on the Microsoft Cloud Security capabilities across the Azure platform.
o Kusto Query Language (KQL).
• Strong experience with scripting languages (Python, PowerShell, others)
• Familiarity with other high-level languages (C, C++, Go, Java, other)
• Strong experience with digital forensic analysis (host, network, other) and blue team operations
• A thorough understanding of purple team operations and the ability to conceptually apply this in an advanced manner
• Advanced knowledge and understanding of network protocols and devices.
• Advanced experience with macOS, Windows, and Unix systems.
• Ability to analyze event logs and recognize signs of cyber intrusions/attacks
• Ability to handle high pressure situations in a productive and professional manner.
• Ability to work directly with customers to understand requirements for and feedback on security services
• Advanced written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
• Strong teamwork and interpersonal skills, including the ability to work effectively with a globally distributed team
• Skilled in the creation of signatures for security tools
• Familiarity with tools such as Wireshark, tcpdump, Security Onion, and Splunk
• Strong knowledge of the following:
o Packet Analysis
o SSL Decryption
o Malware Detection
o Network Monitoring Tools
o Case Management System
o Knowledge Base
o Web Security Gateway
o Email Security
o Data Loss Prevention
o Network Access Control
o Vulnerability Identification
• Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, penetration testing, or related areas
• 10+ years of experience in information technology or information security, 4 of which were spent dealing directly with Security Operations or in a Security Operations Center (SOC)
• Microsoft 365 Certified: Security Administrator Associate and GCFA, GCFE, or OSCP required. Two or more of the following certifications preferred: OSCE, GCFA, GCFE, GNFA, GREM
• Familiarity with tools such as IDA Pro, PEiD, PEview, Procmon, Snort, Bro, Kali Linux, Metasploit, Nmap, and Nessus
• Familiarity with Azure, AWS, and GCP cloud environments.
• Minimum bachelor’s degree in Information Security, Computer Science, or other IT-related field. Master’s degree in cyber security, computer science, information assurance, or similarly technical degree preferred. Exceptional candidates with proven experience in security/network operations will also be considered.
BlueVoyant combines world-class cyber defense talent with unique threat intelligence data to provide real-time external threat-monitoring services and comprehensive Managed Security Services. BlueVoyant’s distinctive Managed Security Service combines advanced endpoint protection, network monitoring, and remote remediation. In addition, BlueVoyant’s Managed Security Service is closely linked to its uniquely comprehensive and actionable real-time Threat Intelligence data, which combines internet traffic, Dark Web intelligence, and host-based threat data.
By working with BlueVoyant, companies can gain unique and far-reaching visibility into malicious activity on their networks, in the dark web and across the internet, as well as real-time, automatable remediation services. Through our unique real-time external threat monitoring, predictive human and machine-sourced intelligence, and proactive managed security and incident response, BlueVoyant offers the private sector exceptional cyber defense capabilities.