Senior Threat Detection and Response (TDR) Engineer)
Atlanta, Georgia  


We have a Contract To Hire position for "Senior Threat Detection and Response (TDR) Engineer)" with one of our direct clients in Atlanta, Georgia for initial contract duration of  3+ months. No third party candidates considered for this position. US citizens and all those authorized to work in the US are encouraged to apply.

Job Description

Our Client is searching for a Threat Detection & Response (TDR) Analyst that will join the Security Operations Center (SOC) and respond to cyber threats facing Client networks, systems, and information assets.  The TDR Analyst is engaged throughout the incident lifecycle from escalation to resolution and acts by collecting and analyzing threat intelligence, performing security monitoring activities, taking appropriate action based on exposure, and reporting recommendations to leadership.  This position reports to the Senior Manager of Threat Detection and Response.

Successful candidates will demonstrate a strong business acumen and possess a blend of general business, technology, and security competencies. This is a unique opportunity to work for a telecommunications company protecting national critical infrastructure. 

Primary Responsibilities:

  • Detect and respond to workstation, server and network incidents using SIEM, behavioral analytics, and network analysis to promptly detect and mitigate the impact of cyber incidents.
  • Track, respond, and document cybersecurity incidents in a consistent and well-organized manner from detection through resolution.
  • Perform analysis of log files from a variety of sources (e.g., Windows or Linux hosts, network traffic, firewalls, intrusion detection system [IDS] logs, or application logs) to identify potential threats to the environment.
  • Perform incident triage, to include scope, urgency, and potential impact, making recommendations that enable expeditious remediation.
  • Review and respond to questions and escalated security events from Tier I analysts.
  • Stay current with the latest trends in threat intelligence, security monitoring and incident response.
  • Collect and review intelligence data from relevant sources including subscription and open-source feeds.
  • Create and monitor reference sets across different applications to support threat hunting and monitoring.
  • Develop ad-hoc scripts to extend capabilities and complete tasks-at-hand.

Required Skills

Qualifications:

Minimum Requirements:

  • Four or more years of technical experience in the Information Security field.
  • Experience with Log Management/SIEM tools (e.g., Arcsight, IBM/Qradar, Splunk, Mcafee/Nitro, ELK, LogRythm, others)
  • Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Strong experience triaging security events using a variety of tools including SIEM / SOAR / XDR in a security operations environment.
  • Experience with network traffic, firewalls, ID, proxies, antivirus, mail, and spyware solutions.
  • Cloud experience with AWS and/or Azure environments.
  • Intermediate to advanced programming / scripting language experience, such as PowerShell, Python, or Bash.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles.
  • Strong understanding of malware analysis concepts and methodologies.
  • Proficiency with common cybersecurity frameworks and regulatory requirements like MITRE ATT&CK, Kill Chain, OWASP.
  • Strong process execution, time management and organizational skills.
  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Preferred Skills

  • BS in Computer Science, Information Systems, Engineering.
  • Experience with endpoint security agents like Carbon Black or CrowdStrike.
  • Experience with network forensics and associated toolsets, (Suricata, WireShark, PCAP, tcpdump) and analysis techniques.
  • Experience with host-based detection and prevention suites like Microsoft SCEP or OSSEC.
  • Experience navigating and working in hybrid cloud environments.
  • Understanding of log collection and aggregation techniques, Elastic Search, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding (WEF).
  • SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN are preferred, but not required.

 

(For Candidate use only)

   
 

Maximum file size 5mb (doc/docx/pdf/rtf)