Location: Houston, TX, United States
Posted on: Mar 04, 2023
Schlumberger
Lead CyberSOC Engineer
Houston - United States
Job Summary:
The Lead CyberSOC Engineer will identify, analyze, communicate, defend, and contain information security incidents.
Roles and Responsibilities:
Possess all skills required of a CyberSOC Engineer (T2)
In-depth knowledge of most of the skills listed in the “Technical Skill” section
Ability to perform basic malware reverse engineering
Ability to perform memory analysis using tools such as Volatility or Rekall
Leverage forensic tools such as FTK, X-Ways, SIFT as part of an investigation
Use both internal and external threat intelligence to build threat detections and provide data enrichment
Threat Hunting
Evaluate tools/solutions for investigation and IR (Incident Response)
Ability to write scripts and automate tasks
Conduct security gap analysis assessments, penetration testing / red-team assessments, and vulnerability assessments to identify security vulnerabilities
Maintain and employ a strong understanding of advanced threats, continuous vulnerability assessment, response and mitigation strategies used in cybersecurity operations
Mentor T1 and T2 analysts
Conduct network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems (IDS/IPS), firewalls, host-based security systems (HBSS), etc.
Correlate network activity across networks to identify trends of unauthorized use
Research emerging threats and vulnerabilities to aid in the identification of incidents
Analyze the results of the monitoring solutions, assess, and correlate the output using automated systems. Conduct triage, event correlation, classification, and analysis of these events such that incidents are investigated and logged or followed up using the existing information risk incident management processes
Provide proactive feedback that enables improvement of the current monitoring rules, based on information and knowledge/experience from Schlumberger and industry best practices
Capable of working unsupervised, but able to interact with and give direction to business and IT (Information Technology) teams in line with established corporate security policies and processes
Develop and maintain constructive and cooperative working relationships with team members
Demonstrate the ability to drive creative, innovative ways to solve problems or minimize risk
Consultative skills and ability to work cross-functionally
Focused and results oriented
Ability to react quickly, decisively, and deliberately in high-stress, high-impact situations
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
Qualifications/Requirements:
Certifications (1 or more of the following required)
Current (not future or planned) certifications are preferable
SANS (SysAdmin, Audit, Network, and Security) GIAC (Global Information Assurance Certification) certification in Cyber Defense, Penetration Testing, Incident Response or Forensics
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
EC-Council certification: CEH (Certified Ethical Hacker), ECSA (Certified Security Analyst), CHFI (Computer Hacking Forensic Investigator), CND (Certified Network Defender)
Cisco Certified Network Associate (CCNA)
Technical Skills:
1. Incident Response - Security Risk
Strong troubleshooting and root cause analysis skills
Cyber outbreak management and the ability to differentiate malicious activity from directed attack patterns
2. Security Event Monitoring and Analysis
Log analysis/ Windows event analysis
Security Information and Event Management (SIEM) – Chronicle and Splunk are preferred
3. Cloud Security
Cloud experience (e.g., Azure, GC (Google Cloud), AWS (Amazon Web Services), Alibaba Cloud, Yandex, G42)
4. Endpoint
Antivirus solutions (e.g., Microsoft Defender)
Strong Windows and Linux administration experience
Information Security tools & packet analysis tools (e.g., Cb, Wireshark)
5. Network Security
Firewall (e.g., Palo Alto Networks)
Internet Protocols and Services (e.g., TCP/IP, FTP (File Transfer Protocol), HTTPS, SSH (Secure Shell))
Intrusion Detection (e.g., IDS/IPS tools)
Network scanning tools (e.g., NMAP)
Networking infrastructure (Cisco is preferred)
Information Security tools & packet analysis tools (e.g., Cb, Wireshark)
6. Identity & Access Management
Azure Active Directory
Cloud Access Security Broker (CASB)
Federation
Conditional Access
Zero Trust
7. Forensics
Malware analysis and memory analysis
Network and Host forensics
8. Email security
Phishing detection tools (e.g., Proofpoint TRAP, CLEAR)
9. Threat Intel
Experience in analyzing threat intel feeds.
10. OT/IIoT Security
Awareness of SCADA (Supervisory Control and Data Acquisition) / IIoT (Industrial Internet of Things) technologies
11. Data Security
Data Loss Prevention tools (e.g., AIP (Azure Information Protection), IRM (Information Rights Management))
12. Compliance and Audit
Fair understanding of the NIST (National Institute of Standards and Technology) CS (Cyber Security) Framework
13. Vulnerability Management
Vulnerability Testing tools (e.g., Qualys, Kali)
14. Scripting/Automation
Programming/Scripting tools (e.g., Python, Bash, PowerShell, YARA-L)
15. Application Security
Fair understanding of threat modeling
16. Project Management
Basic project management experience
17. Common Technical Skills
SharePoint and PowerBI experience are an advantage
YARA-L, PowerShell or Python coding experience is an advantage
Overall Minimum Position Requirements:
Bachelor's or master's degree in a technical field such as Computer Science, Cyber Security, Management Information Technology, Engineering, or Mathematics is strongly preferred
Information Security Experience:
For T3: 5-10 years
Must be able to work flexible hours including early/late shifts, weekends, and public holidays
Fluent in English
Ability to read and understand additional languages is a strong advantage
Effective communication skills
Must possess excellent work habits, a strong work ethic, and be able to adhere to company work hours, policies, and standard business etiquette
Ability to work under stress and the resilience to support extended work shifts infrequently (during cyber operations)
Keen to follow a self-driven learning and development plan
Candidates must be able to work and reside in the US, without sponsorship
Work from Home policy adherence:
The Work from Home policy is designed to improve people's work-life balance, making it beneficial for both the employee and the company. It gives employees the flexibility, depending on circumstances, to split their work hours (shift) between home and office, enhancing productivity. Work from Home policies might apply to CyberSOC employees, and the final schedule will be determined by local country policies in agreement with the CyberSOC manager.
A dedicated local Employee Teleworking Acknowledgement must be reviewed and accepted as part of the Work from Home policy. Employees' acceptance of the Work from Home policy implies the following elements:
Enhanced online dexterity and proficiency in using company remote collaboration tools (Microsoft Teams, VPN (Virtual Private Network) - GlobalProtect). Employees are responsible for making sure that all tools and services are available and reliable to perform work duties effectively and securely. This includes, but is not limited to, stable and reliable connectivity, proper laptop configuration with the latest protection clients, and provision of a secure environment following company best practices for asset protection (secure Wi-Fi, cable lock, physically secure workspace).
CyberSOC Analyst is a tiered position with immediate progression within the team, reporting directly to the corresponding Cyber Security Operations Center manager. The titles and duties for each tier are highlighted below:
CyberSOC Analyst
CyberSOC Analyst (T1 – Tier 1) is expected to:
Demonstrate at least 2-3 of the skills listed in the “Technical Skill” section
Triage security events
Follow existing incident playbooks
Contribute to the improvement and creation of playbooks
Learn new skills across all technical domains
Use public cyber security resources (e.g., sites/blogs/podcasts) to stay up to date with latest news / threats
Show a commitment to progress towards T2
CyberSOC Engineer
CyberSOC Engineer (T2 – Tier 2) is expected to:
Possess all skills required of a CyberSOC analyst (T1)
In-depth knowledge of at least 5-6 of the skills listed in the “Technical Skill” section
Escalation point for Tier 1
Must be able to research, develop, and communicate solutions to detected security incidents in a timely manner
Use advanced analysis skills to isolate and diagnose potential threats and anomalous behavior
Mentor T1 analysts
Lead CyberSOC Engineer
Lead CyberSOC Engineer (T3 - Tier 3)
See above initial description for Lead CyberSOC Engineer.
SLB is an equal employment opportunity employer. Qualified applicants are considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran or military status, pregnancy (including pregnancy, childbirth and related medical conditions), marital status, or other characteristics protected by law. We are an "Equal Opportunity Employer." For more information regarding your rights, refer to the latest version of the EEO is the Law poster, the EEO is the Law Supplement poster, and the Pay Transparency Nondiscrimination Provision located here: ****
We will endeavor to make a reasonable accommodation / modification to the known physical or mental limitations of a qualified applicant with a disability to assist in the hiring process, unless the accommodation would impose an undue hardship on the operation of our business, in accordance with applicable federal, state, and local law. If you believe you require such assistance to complete this form or to participate in the interview process, please contact **** to request assistance. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to.
We are committed to a culture where everyone feels like they belong. To learn more about our diversity, equity, and inclusion commitments, please visit Diversity & Inclusion | SLB (slb.com) (****) for more information.
SLB is a VEVRAA Federal Contractor- priority referral Protected Veterans requested.