Cybersecurity Operations Center Tier 3 Analyst

MAD Security

Job Description

Posted on: September 19, 2024

Summary and company overview

ABOUT the MAD SECURITY TEAM

At MAD Security, your passion for excellence and dedication to integrity can thrive. Every challenge is an opportunity to innovate, and every project is a chance to exceed expectations. As an esteemed team member, you're not just doing a job; you're making a difference in a culture that values hard work, accountability, and continuous growth. Be a part of a team where your efforts are recognized and celebrated, your integrity is cherished, and your professional development is a priority.

POSITION OVERVIEW

We seek a Tier 3 Security Operations Center (SOC) Analyst with experience working in a SOC or NOC in the MSP or MSSP environments. The ideal candidate will have a passion for high standards and constant improvement with a focus on safeguarding our clients by simplifying cybersecurity challenges. Candidate must have extensive experience in SOC operations and management, incident response (IR), firewall management (FW), and vulnerability management (VM). As a SOC Tier 3 Analyst, this position is part of a multi-function team, including network engineers, cyber operations technical leads, cyber operations center managers, firewall engineers, and compliance management consultants.

The Tier 3 Analyst reports to the Senior Cyber Engineer. The key responsibilities of this position fall into three categories: 1. You will provide cybersecurity advice and support to our clients, understanding how to build rapport and maintain client relationships with a focus on partnership to address their cybersecurity challenges; 2. You will participate in meetings and discussions with senior company executives, Information System Managers, and Cybersecurity Specialists within and outside of MAD Security; and 3. You will participate in accomplishing company monthly, quarterly, and annual objectives.

Responsibilities

  • Master utilizing the technical tools and procedures used to manage the SOC
  • Deep understanding of how SIEM/SOAR technologies function
  • Experience in administering and maintaining Elasticsearch
  • Experience in problem solving during incident response events
  • Experience with planning and executing focused threat hunt operations
  • Collaborate with all SOC experts to monitor, identify and make notifications on cybersecurity matters to provide a holistic and seamless cybersecurity experience for the client
  • Analyze, triage, aggregate, escalate and report on client security events including investigation of anomalous and malicious activity
  • Perform correlation and trend analysis of security logs, network traffic, security alerts, events and incidents
  • Continuously work to improve SOC technologies to minimize false positives and maximize detection and prevention effectiveness
  • Develop and track key performance indicators (KPIs) related to SOC operations to benchmark and further enhance capabilities
  • Develop comprehensive and accurate reports and presentations for technical and executive audiences
  • Design and conduct proof-of-concept tests to replicate third-party findings and propose solutions to resolve discovered security issues
  • Communicate regularly with team and with clients to proactively address concerns

Job Requirements

Required Qualifications

  • Minimum six (6) years of experience in IT Security and/or Information Technology.
  • Experience working in a Security Operations Center in an enterprise or managed services provider environment is desired.
  • Experience in an incident response, forensics, malware reverse engineering or incident investigation role in large scale environments is desired.
  • A bachelor's degree in the following areas of study is preferred: Information Technology, Information Security/Assurance, Computer Science, or an equivalent combination of education and experience. A master's degree is a plus.
  • Industry-recognized professional certifications such as GCIH, GCFA, GNFA, or GREM.
  • Experience with industry security tooling is required.
  • Experience with Fortinet, AT&T AlienVault, Avanan, Preveil, Bricata, or Elastic is a plus.

Skills and Capabilities

  • Strong problem-solving and critical-thinking skills. Ability to prioritize and execute autonomously.
  • Ability to develop and manage cybersecurity projects.
  • Ability to communicate effectively with all staff, management, and clients orally and in writing.
  • Ability to collaborate across the organization and operate effectively with multiple teams and solutions towards a shared goal.
  • Strong understanding of the latest security principles and protocols.
  • Strong understanding of security operations technologies, including SIEM and orchestration.
  • Ability to tune correlation rules and outcomes via security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platforms.
  • Demonstrable working knowledge of emerging technologies and tactics used within a SOC or IR team and how they are applied to improve efficiency and effectiveness.
  • Understanding of tactics, techniques, and procedures associated with cyber threats and the ability to develop relevant alerting, countermeasures, and threat-hunting techniques.

Additional commentary

  • Supervisor Responsibilities: None
  • Location and Work Environment: While performing the duties of this job, the employee regularly works onsite in an office setting. This position is exclusively located in Huntsville, Alabama.
  • Physical Demands: The physical demands described herein are representative of those that an employee must meet to perform the Primary Duties of this Job Description successfully.
  • Travel: None
  • Other Duties: Please note this Job Description is intended to describe the general nature and level of work to be performed by the employee(s) assigned to this Job Title. It is not designed to contain nor be interpreted as a comprehensive and/or all-inclusive list of duties, responsibilities, and qualifications. MAD Security, LLC reserves the right to amend and/or change responsibilities to meet business and organizational needs, as necessary, with or without notice.
