Beyondsoft Malaysia

SOC Engineer

Posted 23 hours ago
Job Description

SOC Engineer

【Job Description】

1. Responsible for daily alert monitoring, analysis, initial triage and classification.

2. Use SIEM platforms (e.g. Splunk, Elasticsearch) to collect logs and analyze events.

3. Respond to, record, escalate and report security incidents according to the SOP.

4. Review and process Parsec and PAN whitelisting requests.

5. Monitor the status and completion of vulnerability scans, and regularly review vulnerability scan reports.

6. Monitor security tickets generated by platforms such as WAF, vulnerability scanning, EDR, and CPI, and identify the asset owner responsible for each ticket.

7. Handle privileged access, system configuration compliance, and vulnerability management collaboration.

8. Analyze network traffic and logs to identify potential threats.

9. Conduct periodic vulnerability assessments and remediation follow-up.

10. Support the implementation of security policies, standards, and procedures.

11. Perform routine maintenance on security devices (patching, configuration updates, firmware upgrades).


【Requirements】

1. Minimum Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.

2. Minimum 1 year of working experience in network security and cybersecurity-related fields.

3. Understanding of networking and security devices (firewall, IDS/IPS).

4. Good understanding of common cybersecurity threats such as phishing emails, brute-force attacks, and malware.

5. Good understanding of common SaaS applications such as Jira and Office 365.

6. Strong analytical and troubleshooting skills.

7. Able to work shifts and perform well under pressure.

8. Willingness to solve challenges in a practical, hands-on manner.


【Good to have】

• Ability to perform automation when required, in any programming language such as PowerShell, Bash, Python or Java.

• Experience in a SOC environment and participation in cyber drills.

• Strong knowledge of standards, guidelines and best practices such as ISO 27001 and the CIS Benchmarks.

• Strong command of English with good communication and writing skills.


Job ID: 147948805