Full Time Job

Sr. Security Operations & CTI Engineer

Fox News

Los Angeles, CA 10-02-2023
 
  • Paid
  • Full Time
Job Description

ABOUT THE ROLE
• Provide incident response and be a key point of contact during all incidents. The CTI specialist will own the incidents from start to finish, which includes investigation, correlation, triage, response, mitigation, ticketing, documentation, postmortem analyses and forensic analysis
• Monitor our alert channels, SIEM/SOAR notifications and EDR/IDS/IPS solutions for incidents, threat hunt for malicious activity, triage as needed on a 24x7 basis and continuously tune rules to reduce false positives
• Grow and mature our threat intelligence program - gather, analyze and assess threat intelligence to report on the current and future threat landscape, and provide a realistic overview of risks and threats in the enterprise environment
• Pioneer our threat intelligence platforms: develop and maintain a threat intelligence system to ingest IOC data from multiple external threat intelligence feeds (STIX, TAXII). Monitor and maintain a MISP installation and its indicator ingestion, and evaluate new threat feeds for MISP
• Enhance our Cyber Threat Resiliency Program capabilities with correlation, situational awareness and intel enrichment
• Develop strategies to detect new threats as they emerge, including those from the most sophisticated threat actors
• Apply knowledge of monitoring, analyzing, detecting and responding to cyber events to develop clever, efficient methods for the SOC to handle all incident types and to weaponize our threat hunting capabilities
• Research and develop new tools and capabilities that emulate real world adversary behavior
• Define and lead adversary emulation engagements to show the SOC how to respond to real-world adversaries
• Monitor threat landscape to identify new tactics, techniques and procedures employed by threat actors and update associated profiles
• Manage intelligence requirements from internal stakeholders across Operations, Enterprise Security and Security Architecture, soliciting feedback to continually drive improvements
• Conduct trending and correlation across threat intelligence data to establish patterns, identify proactive mitigations, and develop countermeasures
• Develop, manage, optimize and continuously improve processes to enhance the overall Cyber Threat Resiliency Program function
• Develop and formalize methods to achieve threat hunting by prioritizing hypotheses over data points
• Mentor and train security operation personnel on Cyber Threat Intelligence functions
• Document threat hunts and train other team members on new CTI/IR processes
• Work with developers on the InfoSec team to build security automation workflows, enrichments and mitigations. Evaluate SOC policies and procedures and recommend updates to management as appropriate
• Work with the security engineering team to improve tool usage and workflows, as well as mature monitoring and response capabilities

WHAT YOU WILL NEED
• Experience working in cybersecurity operations and incident response, to include utilizing Security Information and Event Management (SIEM) platforms, Intrusion Detection/Prevention Systems (IDS/IPS), and Vulnerability Management and Threat Intelligence applications
• 2+ of the following certifications: CEH, CISM, GCIA, GCIH, GCIA, GSLC, GICSP, GSEC, CEH, GWAP, CompTIA Net+, CompTIA A+, CompTIA Security+, CASP CE, SEC+, Splunk Core, OSCP, etc.
• Expert knowledge of cyber threat models such as the Diamond Model of Intrusion Analysis, the MITRE ATT&CK Framework, and the Cyber Kill Chain
• Proficient operator of security tools such as endpoint protection/EDR, SIEM, IPS/IDS, HIDS/NIDS, networking, firewalls, WAFs, edge/endpoint security, DNS security, layered security, defense in depth practices, vulnerability scanning, malware analysis tools, networking tools for full packet analysis, data encryption, data loss prevention, etc.
• Forensics and/or malware analysis experience is a plus, which includes hands-on experience completing malware analysis, memory analysis and disk forensics
• Programming/scripting experience (bash, python, PowerShell)
• Linux/Unix OS, Windows and Mac administration skills
• Intimate understanding of technology and motivation to constantly learn new technologies
• Strong ability to learn and research new things, including tools, languages, frameworks, etc.
• Excellent verbal and written communication skills
• Collaborative mindset that thrives in a fast-paced environment

#Ll-Hybrid

Learn more about Fox Tech at https://tech.fox.com
#foxtech

At FOX, we foster a culture and environment where everyone feels welcome and can thrive. We are deeply committed to diversity, equity, and inclusion, including attracting, retaining, and promoting diverse talent across our company. We live in a diverse world, with different ideas and different perspectives that come together to spark new ideas and make great things happen. That means reflecting the diversity of the world around us is critical to our company's success. We ensure that our viewers, communities and employees feel heard, represented, and celebrated both on screen and off.

Pursuant to state and local pay disclosure requirements, the pay range for this role, with final offer amount dependent on education, skills, experience, and location is: $118,000.00-158,000.00 annually for California. This role is also eligible for an annual discretionary bonus, various benefits, including medical/dental/vision, insurance, a 401(k) plan, paid time off, and other benefits in accordance with applicable plan documents. Benefits for Union represented employees will be in accordance with the applicable collective bargaining agreement.

Jobcode: Reference SBJ-ro2993-18-227-89-143-42 in your application.

Salary Details
Salary Range: $118,000 to $158,000 Per Year ($ USD)
Company Profile
Fox News

Under the FOX banner, we produce and distribute content through some of the world's leading and most valued brands, including: FOX News Media, FOX Sports, FOX Entertainment, FOX Television Stations and Tubi Media Group. We empower a diverse range of creators to imagine and develop culturally significant content, while building an organization that thrives on creative ideas, operational expertise and strategic thinking.