Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions. With $50 billion in revenue, we have become the world’s largest technology distributor with operations in 64 countries and more than 35,000 associates.
Position Summary: Provide L3-level support, manage the security incident queue, lead incident response engagements, and evaluate and improve incident response procedures and capabilities. Manage the security incident queue and track ticket SLAs. Analyze data, such as logs and packet captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents. Guide junior team members in aspects of their work. Demonstrate experience working with security technologies such as Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and threat hunting. Collaborate with multiple teams to operationalize new security controls. Act as a technical point of escalation. Provide on-call support when needed.
What you bring to the role: Minimum of five years of full-time professional experience in the information security field. Experience working in a Security Operations Center (SOC), whether at a Managed Security Service (MSS) provider or in an in-house SOC. Familiarity with MITRE ATT&CK and with methods for detecting suspicious and malicious behavior. Basic understanding of vulnerability assessment tools. Ability to evaluate, respond to, and mitigate alerts originating from the SIEM and the wider cybersecurity product suite (IDS/IPS, anti-virus, web application firewalls, NAC, EDR, etc.). Ability to identify the root cause of incidents. Ability to identify common false positives and drive the tuning of detections to reduce them. Familiarity with web-based exploit kits and the methods they employ. Familiarity with concepts associated with Advanced Persistent Threats and targeted malware. Understanding of malware mitigation controls in an enterprise environment. Knowledge of covert channels, egress paths, and data exfiltration techniques. Familiarity with vulnerability scoring systems such as CVSS. Ability to work alongside the internal Security Incident Response Team (SIRT) during investigations. Ability to author investigation reports for technical and non-technical audiences. Willingness to work a shift pattern. Two or more certifications preferred (GCIA, GSEC, GMON, GCIH, CISSP, CCSE, CISA, HBSS, NSA, CEH, Cisco Security, Security+).
*This is not a complete listing of the job duties. It’s a representation of the things you will be doing, and you may not perform all of these duties.