Security Operations Center (SOC) Engineer

Job Summary
Security Operations Center (SOC) Engineer main responsibility is to mitigate and prevent security threats through monitoring and reporting, while also implementing strong cyber security practices to protect the organization. You will work in a team operating 24/7 and work closely with the different Technology teams such as the Service Desk, NOC, and our Engineers specializing in Security and Infrastructure. Engagement in diverse security projects alongside business partners is key to advancing the organization's cybersecurity agenda. Success in this role is grounded in meticulous attention to detail and a process-oriented approach, which enhances the understanding of the organization's operational framework. Proficiency in security technologies and solutions is essential for implementing best practices within the SOC. 

Primary Duties, Responsibilities and Deliverables

• Develop, document, and implement process within the SOC and relevant reports.
• Detect and respond to advanced threats, actor techniques, anomalous or suspicious activity, combined with intelligence, to identify potential and active risks to systems and data.
• Actively monitor new and emerging Security infrastructure-related technologies, trends, issues, and solutions.
• Conduct detailed comprehensive triage and investigation on a wide variety of security events and implement containment and mitigation processes.
• Collaborate with internal security partners and threat intelligence teams to derive indications and warnings of impending threat.
• Adhere to and champion the Technology core values and principles. 
• Engage directly with Security Infrastructure team and Technology groups related to projects and initiatives that would strengthen the overall security posture of the SOC team and the organization.
• Participate in creating innovative ways to use a wide range of security event data to advance detection methods.
• Ability to prioritize, work well under pressure and thrive under the operational demands inherent within the role.
• Proactively remediate security gaps in the infrastructure and remediate risks that affect information integrity.
•  Leading or actively participating in the investigation of security incidents. This involves analyzing alerts, identifying the root cause, and implementing containment measures.
• Using SIEM (Security Information and Event Management) tools and other security platforms to monitor network traffic, systems, and applications for suspicious activity or potential threats.
• Proactively searching for indicators of compromise or hidden threats that may not be detected by traditional security tools. This requires in-depth knowledge of attack techniques and threat actor behaviors.
• Managing and maintaining security tools like firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection platforms. This can include configuration and tuning for optimal performance.

General Knowledge and Skills

• Experience in analyzing a wide variety of network and host security logs to detect and resolve security issues.
• Understanding of common threat analysis model’s such as Cyber Kill Chain, and MITRE ATT&CK.
• Deep understanding of system internals on MacOS, Windows, and Linux.
• Background in malware analysis.
• Experience developing on Azure PaaS technologies such as; Functions (and Durable Functions), Storage (blob, table, queues) and Logic Apps.
• Experience automating and developing with Python, PowerShell, Kusto, or R with RESTful APIs.
• Experience correlating across very large and diverse datasets (Azure Data Lake, Azure Data Explorer, Cosmos DB).
• 2+ years working with SQL-based databases.
• Experience working within a diverse organization to gain support for your ideas.
• Ability to effectively multi-task and prioritize in a fast-paced environment.

Minimum Qualifications

• Bachelor's Degree/4-year Degree in Information Technology or other technical degree. 
• 3 or more years of combined IT and security work experience with extensive exposure conducting network security vulnerability assessments, penetration testing, or other related experience using advanced networking tools and security solutions as well as non-traditional techniques and methodologies and at least two (2) or more years of experience intelligence collection, analysis, and reporting process/procedures or two (2) or more years of experience in bug bounty programs, security research, 

Job Requirements

• Work hours may vary in length and schedule (may include a non-standard work week)

CSX is passionate about building a workforce that reflects the diverse communities we serve, one in which all individuals are valued, appreciated, included, respected and proud to be equal members of our team. We are nationally recognized for our commitment to diversity and inclusion, as well as our support for veterans and reservists. Take the next step and move your career forward with CSX. CSX, based in Jacksonville, Florida, is a premier transportation company. It provides rail, intermodal and rail-to-truck transload services and solutions to customers across a broad array of markets, including energy, industrial, construction, agricultural, and consumer products. For nearly 200 years, CSX has played a critical role in the nation's economic expansion and industrial development. Its network connects every major metropolitan area in the eastern United States, where nearly two-thirds of the nation's population resides. It also links more than 230 short-line railroads and more than 70 ocean, river and lake ports with major population centers and farming towns alike. More information about CSX Corporation and its subsidiaries is available at www.csx.com. Connect with us on Facebook  X  LinkedIn  Instagram   YouTube
Closing Statement
At CSX, two of our five Guiding Principles are Valuing and Developing Employees as well as Operating Safely. We are committed to offering our team members the most competitive compensation and benefits package available, unlimited opportunities for development and growth throughout an exciting and rewarding career, and the safest work environment possible. CSX is an Equal Opportunity Employer Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Click here to view the EEO is Law poster. Click here to view the OFCCP pay transparency provision information. CSX Transportation and its subsidiaries are not seeking outside assistance or accepting unsolicited resumes from staffing agencies or search firms for employment or contractor opportunities. Any resumes submitted by an outside vendor to any employee at CSX via e-mail, Internet, or directly to hiring managers without a valid written search agreement in place with the Talent Acquisition / HR department will be deemed the sole property of CSX. No placement fee will be paid in the event a candidate is hired as a result of the referral, or through other means.