Senior SOC Engineer - Threat Hunter - 79359

Location: Austin, Texas, US

Company: Advanced Micro Devices

What you do at AMD changes everything 

At AMD, we push the boundaries of what is possible. We believe in changing the world for the better by driving innovation in high-performance computing, graphics, and visualization technologies – building blocks for gaming, immersive platforms, and the data center.

Developing great technology takes more than talent: it takes amazing people who understand collaboration, respect, and who will go the “extra mile” to achieve unthinkable results. It takes people who have the passion and desire to disrupt the status quo, push boundaries, deliver innovation, and change the world. If you have this type of passion, we invite you to take a look at the opportunities available to come join our team.

Senior SOC Engineer-Threat Hunter

The Role:

The Security Operations Center is the central nervous system for enterprise information security, responsible for monitoring, detecting, categorizing, analyzing, and initiating response to security incidents. We are seeking a Senior SOC Engineer (Threat Hunter), an SME at identifying and responding to cyber threats against AMD. The role offers a high degree of freedom (within CSIRT best practices and the AMD incident response model) to investigate novel and complex threats, then develop knowledge, playbooks, and automation. This is a global role offering a great opportunity to build and implement defense and incident response solutions for a successful and growing company!

The Person:

The ideal candidate will possess strong multi-tasking skills and a passion for details, and should think one step ahead of cyber criminals. They should have an insatiable curiosity and a deep understanding of how things work, from which to understand how things might be abused.

You should be well-prepared to thrive in a fast-paced environment, possessing good interpersonal and communication skills.

KEY RESPONSIBILITIES:

  • Threat hunting and forensic analysis. As a senior analyst, you will use sound DFIR methodology to creatively find new and unusual threats, and use malware analysis and endpoint/network/memory forensics to determine the reach of a threat identified by the front line.
  • Identify and digest threat data from various open and closed sources, correlating it against environmental context to produce threat intelligence. Validate threats and take appropriate actions to mitigate risk.
  • Incident handler with extensive experience leading major cybersecurity incident response, including handling sensitive/need-to-know incidents. You will understand CSIRT best practices and the AMD incident response model, and will adapt both as appropriate to resolve specific incidents. You will coordinate with external teams to get the support needed for incident closure.
  • Train junior analysts on incident response process and tasks. Constantly improve DFIR processes and procedures to improve speed and accuracy.
  • Understand, use, monitor, and optimize existing SIEM rules and SOAR processes. You will continually seek ways to improve detection accuracy and reduce false positive alerts, and for ways to accelerate or automate response processes.
  • Propose, direct, and execute "red team" operations to test detection and response capabilities, and to identify gaps and weaknesses.
  • Propose and develop new use cases and playbooks/SOPs, as well as automation for recurring incidents and incident tasks, and will identify and onboard new data sources to support new threat detection and response use cases.
  • Assist with operation, configuration, monitoring and tuning of an enterprise SIEM platform, including log collection specifications and infrastructure, and data source onboarding.
  • Collaborate with technical and business SMEs from partner organizations including IT, Engineering, Finance, Audit/Compliance, HR/Legal, and Corporate Investigations.
  • Serve as contact point for a global 24x7x365 SOC environment.
  • Act as mentor and lead for other team members.

Preferred Experience:

The ideal candidate will have solid work experience in two or more of these security domains: Security and Risk Management, Digital Forensics, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and/or Security Operations, preferably in a large enterprise environment. Experience in a technical or business field adjacent to cybersecurity is preferred.

As a problem-solver, you are adept at working through ambiguity and uncertainty. You are an effective communicator and proficient writer, able to explain complex threats clearly to audiences of varying backgrounds.

  • Deep understanding of the MITRE ATT&CK matrix, with demonstrated experience building use cases and SOPs around the TTPs most relevant to your business.
  • Expert level understanding of common and emerging security threats and vulnerabilities, and demonstrated ability to relate emerging threats to relevant TTPs and execute unstructured hunts, with or without specific IOCs.
  • Proficiency in common scripting languages such as PowerShell, Bash, Python, etc.
  • Proficiency with one or more SIEM query languages.
  • Solid understanding of TCP/IP protocols, Windows event logs, *nix audit logs, and IDS alarms.
  • Working knowledge of security-related regulation and legislation.
  • Experience configuring, tuning, monitoring, and supporting SIEM log collection and indexing infrastructure.
  • Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, HIDS/HIPS, AV, and Vulnerability Scanners.
  • Industry security certifications such as CISSP and/or relevant GIAC certifications.
  • Understanding of NIST Cyber Security Framework standard and requirements and ability to apply them to an enterprise environment.
  • Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization.
  • Active security clearance (TS/SCI) is a plus.
  • Experience working with a geographically diverse team in multiple time zones around the globe.

Academic Credentials:

A Bachelor of Science degree in IT or a related field is preferred.

Location:

Austin, Texas

It's a great time to join AMD. We offer outstanding benefits, including paid time off (holidays, vacation and sick), annual bonus incentive, matching 401k, ESPP, tuition reimbursement, onsite fitness facility (at some locations), and more!

Requisition Number: 79359
Country: United States
State: Texas
City: Austin
Job Function: Information Technology

AMD does not accept unsolicited resumes from headhunters, recruitment agencies or fee-based recruitment services. AMD and its subsidiaries are equal opportunity employers. We consider candidates regardless of age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status.