Lead - SOC Engineer
GS Lab & GAVS
12 - 15 years
Chennai
Posted: 18/06/2025
Job Description
What Will You Be Doing?
The Lead Analyst, Cybersecurity Operations will be part of the Cybersecurity team that analyzes,
implements, monitors, troubleshoots, and audits the cybersecurity of the Frontier network
infrastructure. The analyst provides timely and comprehensive intelligence on internal/external threats
for detection, monitoring, threat hunting, and incident response. The scope of environment includes
system-monitoring platforms, anti-virus, DLP, URL filtering, and PCI environments. The analyst will be
responsible for performing alert analysis, incident response, digital forensics, and supporting
penetration remediation on applications/systems.
Essential Functions
Monitor, investigate, analyze, respond, and report to cyber incidents identified through
detection/response platforms.
Provide lead support to Management in detecting and responding to cybersecurity alerts and incident
activity.
Responsible for engaging and escalating incidents to Cyber Operations Management and other
Cyber Incident Response Team members.
Actively support incident response activities, efforts, and training exercises (e.g., incidents,
tabletops, threat simulations) and be the lead incident response analyst.
Actively drive risk reduction efforts for known cyber security vulnerabilities and known attack
traffic patterns/indicators of compromise (IOC).
Actively monitor security threats and risks, provide in-depth incident analysis, evaluate security
incidents, provide proactive threat research, and recommend mitigation strategies.
Evaluate and determine if/when cybersecurity violations have occurred through examination of
network/application logs, open-source research, vulnerability and configuration scan data, and
user provided reports.
Proactively conduct investigations, analysis, and evaluation of projects to determine
cybersecurity risk and feasibility as required.
Administer, maintain, tune, and perform health checks on cybersecurity products and services
(such as: secure mail gateway, SIEM, IDS/IPS, EDR, vulnerability management, brand monitoring,
threat intelligence, security rating, DDoS, web proxy, file integrity monitoring (FIM), data loss
prevention (DLP), User and Entity Behavior Analytics (UEBA), and others).
Provide and implement recommendations for new technical controls to help mitigate security
vulnerabilities.
Responsible for leading the vulnerability management program functions including hosting
weekly meetings with Stakeholders and the operations team, creating and tracking tickets for all
vulnerabilities, holding stakeholder teams to meet SLAs, and reporting to the Manager of
Cybersecurity on a weekly basis.
Actively perform threat hunting activities in the environment to detect cyber threats in the
network.
Coordinate and support purple, red, and blue team engagements.
Provide cybersecurity technical assistance when needed by system/application owners.
Support multiple day-to-day cybersecurity tasks and project efforts.
Provide regular status updates to Management on projects and remediation efforts.
Solid understanding of cybersecurity policies and procedures, ability to draft, modify and create
standard operating procedures (SOPs) for use of other team members.
Support organizational Security Awareness Training efforts (suggest training topics, coordinate
phishing campaigns, enable awareness to end-users in support of incidents).
Support vulnerability assessments functions (such as: enterprise pen testing, application pen
testing, static/dynamic testing, scorecard assessments).
Participate in and support after-hours/on-call rotation requirements for cybersecurity incidents.
Responsible for developing, monitoring, and tracking cybersecurity metrics on a recurring basis,
including creating PowerPoint slide decks for presentations.
Coordinate response and remediation efforts across various departments in a cooperative and
beneficial manner.
Responsible for maintaining Incident Response documentation and auditing member contact
information on at least a semi-annual basis or as needed.
Responsible for attending all vendor meetings and acting as the point of contact for our
Cybersecurity vendors.
Demonstrate ownership and understanding of tasks when engaging with other team members.
Provide leadership, guidance and partnership to Analyst(s) and Senior Analyst(s).
Responsible for the onboarding and training of new analysts to the Cybersecurity Operations
team.
Provide support to management team.
Qualifications
Bachelor’s degree in computer science, technology, or equivalent combination of education and
relevant experience (required).
6+ years of relevant IT/Cybersecurity experience (required).
5+ years in security operations with hands-on experience with enterprise cybersecurity
products, such as Qualys, SentinelOne, Proofpoint, Office365, Microsoft Defender for Cloud,
Microsoft Defender for Identity (required).
5+ years of SIEM (security information and event management) platform experience (required).
4+ years supporting adversary tactics and techniques based on the MITRE ATT&CK framework
(required).
Knowledge of cybersecurity standards and frameworks such as ISO 27001, NIST CSF, NIST SP 800-53,
PCI DSS ASV (highly desired).
Hands-on experience with tools like PowerShell, Vulnerability Management suite, Wireshark,
and NMAP (required).
Industry cybersecurity certification: CompTIA: Security+ or Pentest+, CEH, CISSP, OSCP, SANS:
GCIH or GSEC, CISSP, ISACA: CISA or CISM, Security+, SSCP, or CCNA (required, or willing to
attain within 3 months of start date).
Hands-on Cloud infrastructure (Azure/AWS/GCP) cybersecurity remediation experience
(desirable).
Hands-on experience with next-gen endpoint detection/response (EDR), Enterprise Firewall, IPS,
Log Management, Cisco, and Checkpoint experience (desirable).
URL Filtering (web proxy) and troubleshooting experience (desirable).
Solid
About Company
GS Lab and GAVS have merged to offer end-to-end digital transformation and IT services. Their combined expertise spans AI/ML, cloud modernization, infrastructure management, and cybersecurity. They serve clients in healthcare, BFSI, and enterprise IT.