Senior SOC Engineer
Employment Type : Full-Time
Overview: At Texas Capital Bank, we are driven by a single-minded and unwavering mission: to serve business and the individuals who run them. We use a consultative approach and innovative technologies to develop new ideas that give the bank and our clients a competitive advantage. We partner with our customers to push the boundaries of what’s possible—together.
Headquartered in Dallas, Texas Capital Bank has offices in Austin, Fort Worth, Houston, Richardson, Plano and San Antonio, and we serve clients in a variety of industries from coast-to-coast. We are on the Forbes Best Banks in America list, and were named a top place to work by The Dallas Morning News, Houston Chronicle and San Antonio Express-News. For further information, please visit us at www.texascapitalbank.com.
We are seeking a strong cyber security professional to join our Joint Security Operations Center. The ideal candidate will have extensive experience in network and endpoint forensics, incident response, and threat hunting methodologies. The ideal candidate will additionally have a well-rounded background in endpoint/network security defenses as well as some offensive security knowledge to allow the ability to think like an adversary. This role will work with other SOC Senior engineers to discern actual threats vs. false positives. This role will contribute to the incident response process to assess the risk, impact, and scope of identified security threats, as well as leading the response efforts to include containment, eradication, and recovery.
Responsibilities:
- Lead efforts in the development of Cyber Threat Use Cases (Actionable Alerting/Reporting), to include development of test cases and response plans for each Use Case.
- Provide support and assist in the training/mentoring of junior security staff to increase their understanding of complex security analysis methodologies and issues.
- Collaboratively participate in threat research, analysis, correlation and development of original intelligence to enable predictive and actionable reporting.
- Ensure thorough and accurate reporting during and concluding a security incident through strong verbal and written communication.
- Perform threat hunting efforts, focused primarily on identifying advanced threats that are not detected via traditional security tools.
- Perform reverse-engineering and malware analysis as needed.
- Demonstrable experience in scripting/programming to further automate functions and analysis efforts.
- Participate in regular collaboration with multiple teams, both internal to the organization and managed services.
- Provide awareness to internal teams and leadership on changes to the cyber threat landscape through various intelligence products.
- Publish internal threat intelligence products and intelligence briefings to provide actionable information to tactical and strategic stakeholders.
- Establish close relationships with business stakeholders outside of the security and compliance disciplines, working closely with physical security, fraud, legal, and senior leadership.
The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.
Qualifications:
- Minimum 3+ years’ experience in Information Security
- Minimum 3+ years of Security Information and Event Management (SIEM/SIM/SEM) experience
- Minimum 3+ years of experience with network security, endpoint security, or security threat vectors
- Minimum 3+ years of Incident Response experience
- Excellent interpersonal skills
- Ability to manage complex issues and develop solutions
- Detail-oriented, excellent communication (oral and written), interpersonal, organizational, and presentation skills.
- Knowledge and understanding of malware reverse engineering including: code or behavior analysis for endpoints and the network
- Ability to execute in a fast-paced, high-demand environment while balancing multiple priorities
- Strong understanding of attacker tools, techniques, and methodologies. Ability to gather and act on cyber threat intelligence.
- Knowledge of and ability to identify attack methods (TTPs) along with mitigation/detection techniques.
- Programming or scripting experience a plus
- Strong collaborative skills and proven ability to work in a diverse team of security professionals
- Certifications preferred in one or more of the following: Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensics Analyst (GNFA), Offensive Security (OSCP/OSCE/etc.), or other relevant certifications.