Senior SOC Analyst - Incident Commander - 84343

Location: Austin, Texas, US

Company: Advanced Micro Devices


What you do at AMD changes everything

At AMD, we push the boundaries of what is possible. We believe in changing the world for the better by driving innovation in high-performance computing, graphics, and visualization technologies – building blocks for gaming, immersive platforms, and the data center.

Developing great technology takes more than talent: it takes amazing people who understand collaboration, respect, and who will go the “extra mile” to achieve unthinkable results. It takes people who have the passion and desire to disrupt the status quo, push boundaries, deliver innovation, and change the world. If you have this type of passion, we invite you to take a look at the opportunities available to come join our team.

Senior SOC Analyst - Incident Commander

The Role:

We are seeking a senior-level Incident Commander for our SOC, an SME at identifying and responding to cyber threats against AMD. The role offers a high degree of freedom to investigate novel and complex threats, then develop knowledge, playbooks, and automation from what is learned.

This is a global role offering a great opportunity to build and implement defense and incident response solutions for a successful and growing company. We have competitive benefit packages and an award-winning culture. Join us!

The Person:

The ideal candidate should think one step ahead of cyber offenders. You have a steadfast curiosity and a deep understanding of how things work and how they might be abused. Familiarity with containment strategies and technologies, the ability to direct an appropriate response in the heat of the moment, and the ability to recommend new capabilities to pursue after the fire is out are a must. As an excellent communicator and a proficient writer, you can explain sophisticated threats clearly to audiences of varying backgrounds.

Key Responsibilities:

In this role you will serve as an incident handler leading major cybersecurity incident response, including handling sensitive/need-to-know incidents. With an understanding of CSIRT best practices and the AMD incident response model, you will create an appropriate response to resolve specific incidents and coordinate with external teams to get the support needed for incident closure. Additionally, this individual is a point of contact for a global 24x7x365 SOC environment. Other daily responsibilities may include:

  • Communicate incidents at an appropriate level of detail to all levels of the organization. Clearly and accurately communicate risk and trade-offs to business owners and company executives, enabling them to make appropriate decisions.
  • Train/mentor junior analysts on incident response process and tasks.
  • Constantly improve DFIR processes and procedures to improve speed and accuracy.
  • Propose and develop new use cases and playbooks/SOPs, as well as automation for recurring incidents and incident tasks; identify and onboard new data sources to support new threat detection and response use cases.
  • Collaborate with technical and business SMEs from partner organizations including IT, Engineering, Finance, Audit/Compliance, HR/Legal, and Corporate Investigations.
  • Understand, use, monitor, and optimize existing SIEM rules and SOAR processes. You will continually seek ways to improve detection accuracy, reduce false-positive alerts, and accelerate or automate response processes.
  • Recommend improvements in the operation, configuration, monitoring, and tuning of an enterprise SIEM platform, including log collection specifications and infrastructure, and data source onboarding. Identify data gaps that, once filled, would enhance response speed and alert quality.

Preferred Experience:

  • Solid work experience in two or more of these security domains, preferably in a large enterprise environment:
    1. Security and Risk Management
    2. Digital Forensics
    3. Security Engineering
    4. Communication and Network Security
    5. Identity and Access Management
    6. Security Testing and/or Security Operations
  • Experience in a technical or business field adjacent to cybersecurity is preferred.
  • Proven knowledge of the MITRE ATT&CK matrix.
  • Expert-level understanding of common and emerging security threats and vulnerabilities, and demonstrable ability to relate emerging threats to relevant TTPs and execute unstructured hunts, with or without specific IOCs.
  • Proficiency with one or more SIEM query languages.
  • Solid understanding of TCP/IP protocols, Windows event logs, *nix audit logs, and IDS alarms.
  • Working knowledge of security-related regulation and legislation.
  • Experience configuring, tuning, monitoring, and supporting SIEM log collection and indexing infrastructure.
  • Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, SOAR, HIDS/HIPS, AV, and vulnerability scanners.
  • Understanding of the NIST Cybersecurity Framework standard and requirements, and the ability to apply them to an enterprise environment.
  • Experience with infrastructure operations and processes associated with IT service management in an enterprise-level organization.
  • Experience working with a geographically diverse team in multiple time zones around the globe.

Academic Credentials:

  • BSCS or related degree is preferred.
  • Industry security certifications such as CISSP and/or relevant GIAC certifications are preferred.

Requisition Number: 84343
Country: United States
State: Texas
City: Austin
Job Function: Information Technology
AMD does not accept unsolicited resumes from headhunters, recruitment agencies or fee-based recruitment services. AMD and its subsidiaries are equal opportunity employers. We consider candidates regardless of age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status.
