SOC (Security Operations Center) - Purple Team - Tier - Ciudad de México - Kyndryl Mexico S. de R.L. de C.V.

Posted by: Rodrigo Fernández, talent recruiter for beBee


Description

Why Kyndryl
Kyndryl is a market leader that thinks and acts like a start-up. We design, build, manage, and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl?


We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers, and our communities.

We invest heavily in you - not only through learning, training, and career development, but also through the flexible working practices and stellar benefits that help you grow and progress long-term.

And we give back - from planting 90,000 trees in our first 3 months as part of our One Tree Planted initiative to the Corporate Social Responsibility and Environment, Social and Governance practices embedded within everything we do, we are committed to powering human progress in an ethical, sustainable way.


Your Role and Responsibilities

  • Serve as Tier 3 level for complex technical and procedural escalations
  • Provide technical lead support to Tier 2 and Tier 1 SOC analysts
  • Responsible for development and execution of incident response plans for escalated response processes
  • Proactively identify indicators of compromise and generate and execute the Incident Response Plan upon detection
  • Provide Incident remediation and prevention documentation
  • Identification and resolution of complex issues in customer environments.
  • Develop resolution and implementation plans
  • Work in collaboration with other security and company departments (operations, legal, sales) to help identify / resolve chronic issues and assist with the creation and implementation of corrective / preventative action plans
  • Research, analyze and identify potential vulnerabilities and security deficiencies. Initiate escalation procedure to counteract potential threats/vulnerabilities
  • Conduct security training, new hire training and network impact reviews. Coordinate repair and maintenance of security system with security integrators
  • Liaise directly with third party vendors / suppliers
  • Develop, document, and maintain Incident Response process, procedures, workflows, and playbook.
  • Tune and maintain security tools (EDR, IDS, SIEM, etc.) to reduce false positives and improve SOC detection capabilities
  • Document Investigation and Incident Response actions taken in Case Management Systems and prepare formal Incident Reports
  • Create metrics and determine Key Performance Indicators to measure maturity of SOC operations.
  • Develop security content such as scripts, signatures, and alerts

Required Technical and Professional Expertise

  • At least three (3) years' experience working with SIEM (QRadar, Splunk, Sentinel, etc.), firewalls, IPS/IDS
  • Threat Intelligence solutions, knowledge of Elastic Stack (Elasticsearch, Kibana)
  • Strong analytical skills to define risk, identify potential threats, document and develop action/mitigation plan
  • Deep knowledge/experience with Operating Systems (e.g. Windows Server, CentOS Linux).
  • Knowledge/experience of networking and firewalls
  • Knowledge of Enterprise Anti-Virus, IDS, Full Packet Capture and Host/Network Threat Analysis
  • Knowledge of Threat Monitoring Procedures
  • Deep knowledge conducting and leading incident response situations
  • Experience implementing monitoring tools and capabilities
  • Solid hands-on experience with one or several of the following security tools: CrowdStrike, O365 Security, AWS Security and/or Azure Defender Hub, Security Center, Splunk
  • Advanced OSINT knowledge
  • Experience with a wide range of security tools and knowledge of relevant cyber frameworks and methodologies

Preferred Technical and Professional Experience

  • Three (3) years' experience working within a security operations center
  • Three (3) years' experience working across multiple security disciplines (DFIR, log analysis, packet analysis, etc.) 12 years of le
