An MSS Cyber Threat Engineer is a member of the Global Threat Operations (GTO) team within Trustwave Managed Security Services (MSS).
In addition to possessing technical knowledge, a Threat Engineer interacts extensively with customers and partners using polite professional etiquette, and serves as a technical point of escalation within GTO.
Cyber Threat Engineers perform the following duties :
Use strong TCP / IP networking skills to perform network analysis and understand detected threats.
Analyze escalated, complex cases involving a pattern of security events from firewalls, IDS, IPS, SIEM, Web Application Firewall (WAF), and other security data sources.
Resolve intractable technical problems within managed security solutions as part of a sustained improvement project.
Create, improve, and document processes for the management and monitoring of security solutions.
Tune devices for blocking and reporting based on customer business need.
Configure, manage, and upgrade Intrusion Detection Systems (IDS), Intrusion Protection Systems (IPS), and Security Information and Event Monitoring (SIEM) platforms.
Baseline threat detection devices for unique customer environments.
Test and improve signature-based and other detection methods.
Take responsibility for customer satisfaction and overall success of managed services.
Respond to needs and questions of customers in a polite, positive, and professional manner concerning their managed services, managed devices and detected threats.
Adhere to policies, procedures, and security best practices.
Resolve problems independently and understand the correct escalation procedures.
Perform rotating on-call duties (nights / weekend rotations).
Act as a mentor and escalation point for analysts within the Global Threat Operations team.
Skills & Knowledge Requirements :
Must have intermediate skills / knowledge in some of the following :
Security Information and Event Management (SIEM) management
Web Application Firewall (WAF) management
Unix / Linux and Windows system administration
Information security best practices & network security architecture
Sourcefire / Snort based security products
Current exploit and remediation techniques
Web Services Administration
TCP / IP networking
IP Tables / Packet filter firewalls
Vulnerability Scanning technologies
Log collection and analysis tools
Endpoint security concepts and products
Desired experience :
Information security or networking
Intrusion analysis experience
Excellent customer service skills
Excellent analytical thinking and problem solving skills
Strong oral and written communication skills
Self-managed and team oriented
Deadline and detail oriented
English : Demonstrated Fluency
Intermediate to advanced experience in Information Security related areas
Certified in Security related Industry, Vendor or Professional Certification- GCIA, GCIH, Security+, OSCP, or CEH preferred.
2nd language is also desired : Spanish, Portuguese
We prefer college educated applicants, but at minimum, high school diploma or equivalent is required for employment.