Senior SOC Engineer

Employer: Johnson Controls
Job location
Cork, Ireland
Job closing date


The Johnson Controls Global Information Security (GIS) team is undergoing a transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities in order to address the growing cybersecurity threat landscape. Hosted in Cork, Ireland, the Information Security Operations Security Engineer IV is a position reporting to the Director of Global Information Security Operations (located in Milwaukee, WI, USA), with responsibility for assisting in the development and implementation of standard operating procedures that support prevention, detection and response to cyber security risks and threats.

The global incident management program will provide the company with the ability to complicate, detect, and respond to Cyber Security incidents impacting the enterprise by ensuring they are properly identified, analyzed, communicated, actioned, investigated and reported. The program will have responsibility over security monitoring and is responsible for global 24x7 incident response activities. The global security incident management program will also manage information resources during incident response activities to identify possible cyber-attacks or intrusion events, and determine the potential business impact.

The responsibilities of the SOC Security Engineer IV include, but are not limited to:

  • Lead SOC Security Engineers in performing all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
  • Take direction from the Director of Global Security Operations and interact with internal and external business partners for escalation and containment of security incidents
  • Monitor and analyze network traffic and security event data.
  • Investigate intrusion attempts and perform in-depth analysis of potential exploits
  • Provide network intrusion detection expertise to support timely and effective decision making on when an event escalates to the level of a security incident
  • Conduct proactive threat and compromise research and analysis
  • Review security events that are populated in a Splunk Enterprise Security SIEM
  • Lead digital forensics and malware analysis triage
  • Independently follow procedures to contain, analyze, and eradicate malicious activity and develop new processes and procedures when none exist
  • Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
  • Create a final incident report detailing the events of the incident
  • Assist in developing and providing information regarding intrusion events, security incidents, and other threat indications and warning information to stakeholders and leadership
  • Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
  • Provide guidance and mentorship to analyst team on investigative and response methodologies.
  • Participate in special projects as required. The SOC Security Engineer IV is responsible for carrying out all activities regarding SOC policies and SOC procedures.

What we look for:

  • The successful candidate will be a passionate information security professional with the ability to communicate to different business and IT leaders. The candidate will be able to execute the security incident response and Information inventory management strategy defined by leaders.
  • The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven team leader and security strategist.
  • A minimum bachelor degree in computer engineering, computer security or computer science discipline.
  • 7-10 years of information security related experience leading teams in security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration, network operations, engineering, system administration on Linux, or Windows
  • Strong understanding of adversary motivations including cybercrime, cyber hacktivism, cyber war, cyber espionage and the difference between cyber propaganda and cyber terrorism.
  • Strong understanding of security operations concepts such as perimeter defense, BYOD management, data loss protection, insider threat, kill chain analysis, risk assessment and security metrics.
  • Strong understanding of Threat Intelligence and Threat Profiling
  • Familiarity with network security methodologies, tactics, techniques and procedures.
  • Experience with Intrusion Detection Systems (IDS)/ Intrusion Protection Systems (IPS), SIEM and other network defense security tools.
  • Ability to read IDS signatures.
  • Experience with Data Loss Prevention (DLP) technologies
  • Understanding of network packet capture and ability to review.
  • Experience performing security/vulnerability reviews of network environments.
  • Knowledge of network security architecture, understanding of the TCP/IP protocol, and remote access security techniques/products.
  • Experience with enterprise anti-virus/malware solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.
  • Have experience monitoring, detecting, and leading response efforts of advanced persistent threats.
  • Knowledge of digital forensic and static malware analysis techniques.
  • Experience generating and modifying network and host based Indicators of Compromise (IOC)
  • Strong research background, utilizing an analytical approach.
  • Candidate must be able to react quickly, decisively, and deliberately in high stress situations.
  • Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, to technical and non-technical audiences at different seniority levels and interact with customers.
  • Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a global team setting.
  • Ability to create and maintain good business relationships with counter parts, customers and external entities to achieve the security incident management goals
  • Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
  • Experience with open source and commercial security management tools
  • Experience in the definition and implementation of strategic information security plans
  • Moderate knowledge of regulatory compliance requirements (PCI-DSS, HIPAA, FISMA, SOX)
  • Moderate knowledge in National Institute of Standards and Technology (NIST)
  • Desired Certifications (but not required):
      ◦ Certified Information Systems Security Professional (CISSP)
      ◦ Certified Information Security Manager (CISM)
      ◦ Certified Information Systems Auditor (CISA)
      ◦ GIAC Certified Incident Handler (GCIH)
      ◦ GIAC Certified Intrusion Analyst (GCIA)
      ◦ GIAC Certified Forensic Examiner (GCFE)
      ◦ GIAC Certified Forensic Analyst (GCFA)
      ◦ Certified Ethical Hacker (CEH)
      ◦ Cisco Certified Network Associate Security (CCNA Security)
      ◦ Cisco Certified Network Associate (CCNA)
      ◦ Cisco Certified Network Professional Security (CCNP Security)
      ◦ Cisco Certified Network Professional (CCNP)
      ◦ Server Platform Certifications (Microsoft, Linux)
      ◦ Forensics Examiner Certification (EnCE, FTK)