Jo1586

Schedule: 6am – 6pm CST (it might be within this range).

Duration: Full-Time.

Company Background:

We are looking for a confident person, should not get nervous easily.  This is a very critical and technical role; we expect this person to walk in the door and be able to own the management of the ZScaler tool and investigate events, attacks, and activity.  

Required skills:

• ZScaler tool expert, not just admin.  2 years+, experience performing in-depth activity investigations, searches & queries, in-depth understanding of ZScaler logs, and logging field format strings.
• Experience managing an enterprise Zscaler ZIA deployment and policy customization, in-depth understanding of PAC file and/or WPAD, and experience troubleshooting connectivity and performance issues.
• Strong experience & skills performing incident triage and investigating attacks, malware, and suspicious activity at a process, command, and code-level.
• Strong regex experience
• Strong Windows OS server infrastructure knowledge
• Technology experience 10+ years, 6+ years of information security
• Excellent English communication skills (written, verbal, and comprehension)
• Confident, energetic, driver, leader mentality
• Extremely detail-oriented
• Passionate about information security
• Good Judgement
• Proactivity
• Advanced problem solver

Experience:

• Working in a SOC or providing incident support for a security team
• Leading multi-team incident investigations
• Experience identifying and mitigating web application attacks, C2 beaconing, and/or DPL/Data Exfil.
• Log/protocol analysis, writing RegEx, and experience efficiently analyzing and sifting through thousands of logs to quickly pinpoint/identify suspicious activity.
• Experience with searches in a SIEM (like QRadar or Splunk) and/or an EDR (like Carbon Black, CrowdStrike Falcon).
• Threat hunting in core security tools

Tool Experience:

• Zscaler ZIA
• QRadar and/or Splunk query language
• Regex