Network Security Engineer

Key Responsibilities

3-5 years of experience is a must

Should be hands on in all aspects of IT Recruitment (Sourcing, screening, coordinating, negotiation, on-boarding etc)

Searching for and Approaching Suitable Candidates.

2-4 years of solid experience in vendor management.

Managing the Interview, Assessment, and Shortlisting Processes.

Maintaining a Database.

Preferably from corporate hiring background.

Coaching and Mentoring Junior Recruiters.

Excellent communication skills are mandatory.

Good team player.

Education:-

Bachelors or Equivalent

Job Description

Cyber Threat Intelligence & Threat Hunting - Subject Matter Expert (B3-2)

Responsibilities:

Perform threat research, create actionable threat advisories, and derive hunting queries based on the evolving threat vectors.

Understand APT groups, Conduct deep dive technical analysis of cyber-attack tools, tactics, and procedures. Create hypothesis and perform active threat hunting.

Minimum Requirements:

10+ years of overall experience, 7+ years of experience in cyber threat intelligence, malware analysis (Reverse engineering)

Hands-on experience with writing threat hunting hypothesis & active threat hunting

Experience with YARA rule and OpenIOC signature creation.

Experience with multi-tiered mission-critical systems.

Experience in opensource sandbox and honeypots.

Preferred Certification

GIAC Cyber Threat Intelligence (GCTI)

C| TIA (Certified Threat Intelligence Analyst)

CCTIA by the NICCS

The Incident Response Senior Principal Analyst leads a team of experts with diverse skill sets across areas such as Security Operations Center (SOC), Forensics, and other applicable technical Subject Matter Expert (SME) resources. The IR Senior Principal Analyst is specifically tasked with managing all aspects of an Incident Response engagement to include incident validation, monitoring, containment, log analysis, system forensic analysis, and reporting. The IR Senior Principal Analyst is also responsible for developing and sustaining strong relationships with our clients, and client’s counsel to ensure the engagement’s objectives and expectations are met and executed successfully as documented in the statement of work. The incumbent of this role should display a strong foundation of technical expertise in Cybersecurity, Incident Response, and Digital Forensics to successfully execute the responsibilities associated with this role.  

ROLES AND RESPONSIBILITIES

• Supports the management of the technical aspects from client setup and kickoff to supporting the reporting process.
• Co-leads project scoping calls to accurately collect information from the client concerning the incident to include but not be limited to the client’s environment, size, technology, and security threats. Responsible for capturing all client’s expectations and objectives throughout the engagement to ensure successful engagement delivery.
• Organize and maintain an inventory of requests sent to the client to include at a minimum public IP ranges, requested information (including systems for collection), collected logs, systems Skadi or full systems, and any other requested made of the client by Arete or counsel.
• Works directly with the client and other Arete team members to preserve and collect artifacts for forensic analysis.
• Engages in communications with the TA for negotiation and recovery of decryption keys or manages the ransomware specialist team.
• Ensures deadlines are met and timely update meetings are established with client and counsel.
• Responsible for quality control over the budget of engagement and proactively identifying the need for addendums for engagements. Discusses with counsel before provided addendum.
• The main point of contact who manages and participates in all communications with the client and client’s counsel during the engagement. Assists with the development of communications.
• Supports the management and coordination of all technical efforts for the IR engagement to drive the process forward through; tool deployment, ransomware decryption, restoration, and recovery efforts, system rebuilds, system, application, and network administration tasks. 
• Coordinates with the Ransom Specialist when ransom negotiations are needed. Ensures updates regarding ransom status are delivered to the client and counsel in a timely fashion.
• Manages and coordinates the onsite efforts with the Onsite Lead or team ensuring they understand and can execute the objectives for the onsite work. Additional responsibilities with onsite efforts include ensuring communications are frequent and getting the daily onsite update communicating these back to the IR Director and/or IR Ops Associate for their Tiger Team.
• Co-manages restoration team when engaged with the client for recovery of systems, data collection, and SentinelOne (S1) deployment.
• Partners with the Forensic Lead to coordinate additional data collection requests pertinent to the investigation.
• Communicates in tandem with the Forensic Lead relevant findings to the client during the investigation.
• Designs and executes a strategy to install S1 and live response data within the SLAs set by Arete.
• Manage the SOC for accurate reporting of S1 metrics from threats to checked-in systems based on the need from the client.
• Follows up with the SOC Lead on SentinelOne alerts and encourages/coordinates client participation with the product. 
• Organizes the updates for client and counsel and acts as the "quarterback" for leading update calls when prompted by counsel; maintains an organized and methodical approach for providing updates from negotiations, system restoration, data collection forensics, and closeout. Accountable for final report review, ensuring the report is accurate, professional, and meets the objective of client counsel.
• Can troubleshoot instability issues within infected operating systems and stabilize the system for continued recovery.
• Cross trains across the IR services within SOC, IR Lead, Forensics, and Restoration.
• Supports peers and IR Directors within the engagement lifecycle. Familiarizes oneself with the negotiation tactics and communications with threat actors.

• Other duties as assigned.

DISCLAIMER

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required personnel so classified. 

SKILLS AND KNOWLEDGE

1. Experience delivering consulting engagements in a fast-paced environment
2. Experience leading scoping calls
3. Strong background and practical hands-on experience with Windows or Linux System and Network Administration, Security DevOps, Incident Response and Digital Forensics, or Security Engineering
4. Practical experience performing in a functional role including but not limited to one or more of the following disciplines: computer forensics, Incident Response, data analytics, Security Operations, and Engineering, Digital Investigations
5. Knowledgeable of collection methodologies and tools.
6. Comfortable working within various OS including Windows, Linux, and OSX
7. Organized communications and notes
8. Communicates clearly and concisely
9. Generally knowledgeable of the multiple services that comprise an IR investigation
10. In-depth knowledge of the ransom negotiation process and details it accordingly to clients

Responsibilities:

The Senior Information Security Engineer is responsible for the implementation, execution and maintenance of technology solutions to mitigate risk, to protect the IT and Engineering environments by reducing the probability of, and to minimize the effects of, damage caused by malware, malicious activities and security events.

The individual will help protect the company by deploying, tuning, and managing security tools across the computing environment, as well as provide security incident response cycle support. They should have a passion and skills for identifying the latest cyber threats. The individual will:

Basic Qualifications

• Working knowledge of infrastructure-as-code and CI/CD pipelines tools (i.e. Jenkins, Teamcity, CircleCI etc..)
• Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security controls while constantly identifying areas of needed improvement
• Deep hands-on security experience with cloud providers, such as AWS, GCP, Azure
• Understanding of automated security testing approaches and tools
• Experience with proactive integration of security into the development process
• Lead continuous improvement efforts of out security tools and systems (Concertation on SIEM, IDS, EDR Tools)
• Work with our customers (Security Operations, Incident Response, and Product teams) to incorporate high quality security alerting into their operational workflows
• Improve overall security practitioner efficiency through process automation
• Foster and promote collaboration among all members of the IT, Infrastructure, and Risk Management Departments.

Minimum Qualifications/Requirements

• BS or MS in Computer Science or related field
• Minimum 7+ years of cybersecurity experience
• Must have previous experience performing threat hunting and incident response duties using SIEM tools, cybersecurity management consoles, and ticketing systems
• Experience in deployment, development, and maintenance of SIEM
• Experience writing and using Ansible server administration scripts, and create simple Python, BASH, or Powershell scripts to automate cybersecurity functions
• Scripting experience to automate security operations, alerting, and compliance checks, CI/CD design, deployment, and management
• Experience with managing endpoint response and detection infrastructure and endpoints at the enterprise level, including performing upgrades to the back end application and deploying new agent versions to endpoints
• Understanding the investigative process and performing triage for cybersecurity incidents
• Experience maintaining industry leading security technologies or infrastructure systems in complex technical IT operations environment
• Must be detail-oriented and organized with ability to handle competing demands while meeting deadlines
• Experience in authentication protocols and frameworks to include OAuth, and AWS IAM
• Proactive and motivated; team player with a positive can-do attitude
• Strong analytical/problem-solving skills and cross-functional knowledge across multiple IT operational and security disciplines
• Ability to communicate technical concepts to a broad range of technical and non-technical staff
• Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change

REQUIRED CITIZENSHIP / WORK PERMIT / VISA STATUS:
Should be currently based in Japan with Valid work visa

MUST HAVES:

Experience Required:

• LAN/Wireless LAN based skills(over 3 years experiences)
• Firewall based skill (over 3 years experiences)
• Server based skill (over 3 years experiences)
• WAN/Internet based skills (over 3 years experiences)

*

• Required General Skills:

• Fluent in Japanese(both written & verbal) and English(reading & written)

Job role :

• · WAN, LAN, Wireless LAN, Firewall, ServerWork Contents;
• · Support Design and Implementation
• · Create documentation or basic design and detail design
• · Join required meeting(Internal, External)
• · Management Change(Create and close change record)
• · Test(Unit, Integrated) in on-site
• · Create the result of test document
• · Create change procedure
• · Installation equipment in on- site
• · Support soft MACD from remote site
• · Create operation manual
• · Support problem management
• · Support inventory management
• · Support configuration hencmanagement
• · Support reporting
• · Cisco Router/Switch/FW (MPLS, BGP, OSPF, STP, VLAN, QoS, VRF)
• · Juniper Router/Switch(SRX/EX/QFX)
• · Server (Linux,)
• · Wireless (CAPWAN)

Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption 
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting