Job Title

As the IGS XDR Engineer within our Infinity Global Services (IGS) Managed eXtended Detection and Response (MXDR) Team at Check Point, you will assume a pivotal role in safeguarding our customer's digital assets, sensitive data, and critical systems against cyber threats and attacks. Leveraging your expertise in vulnerability identification, robust security implementation, and incident response, you will significantly enhance our customer's overall security posture. Collaborating closely with cross-functional teams, you will assess risks, formulate effective security strategies, and ensure adherence to industry standards and regulatory requirements. Your strong technical acumen and analytical mindset will be instrumental in the prompt detection and mitigation of security breaches, as well as the proactive anticipation and mitigation of potential threats. Staying at the forefront of emerging cyber threats and trends, you will bolster the customer's defenses, maintaining a resilient and secure IT environment. This role is ideal for a self-driven professional, that is passionate about cloud security, well-versed in major public cloud platforms, and adept at utilizing state-of-the-art tools to monitor security across cutting-edge offerings. By directly supporting top-tier companies across the United States, you will be at the forefront of cybersecurity innovation and excellence.Major Responsibilities Collaborate closely with DevOps and product teams to deliver security monitoring services to multiple clients. Perform vigilant monitoring across various security dimensions, including intrusion detection, file integrity, endpoint protection, log management, and SIEM solutions. Leverage expertise in cutting-edge XDR solutions, such as Microsoft Sentinel, Microsoft Defender for Endpoint, Check Point Harmony Endpoint, and other EDR solutions. Navigate cloud environments, particularly Azure, to ensure comprehensive security coverage. Skillfully analyze security events using log data and open-source intelligence to distinguish between legitimate and false-positive incidents. Maintain meticulous records of security monitoring activities through efficient case management and ticketing technologies. Contribute to the development, implementation, and maintenance of environment-specific rules, alerts, and dashboards within SIEM tools using custom queries. Collaborate with clients to tailor and configure SIEM tools, aligning them with specific security and compliance requirements. Effectively communicate security alerts to team members and clients regarding anomalies within the environment. Apply technical writing prowess to craft formal documentation, including analytical reports and briefings. Create and uphold a repository of standard operating procedures, technical documents, training materials, and troubleshooting guidelines for various security solutions. Participate in on-call rotations to provide support beyond regular business hours, catering to client operational needs. Conduct comprehensive data reviews to evaluate the efficacy of existing security and operational measures. Assist in the administration and maintenance of SIEM, Log Management, and Data Analytical Platforms. Address customer-initiated requests, such as Log Source configuration, Data Parsing, Use Case Development, and the resolution of complex issues related to managed security services. Innovate by developing technical solutions that automate repetitive tasks, enhancing operational efficiency. Provide leadership, guidance, and instruction to SOC analysts, fostering a collaborative team environment. Manage ticketing processes, including ticket creation, follow-up, and resolution, ensuring timely customer support. Employ a combination of tools and analytical skills to investigate and identify the root causes of issues across various technologies.What are we looking for Upbeat and positive attitude Strong analytical and troubleshooting skills Excellent written and verbal communication skills Team player Prior experience performing as a SOC Analyst Working knowledge of SIEM solutions and incident management solutions Technical understanding of core cybersecurity technologies as well as emerging capabilities. Inquisitive, problem-solving oriented 5+ years of prior relevant experience.Preferred Qualifications Experience: SOC: 5+ years (Preferred) Cybersecurity: 8+ years (Preferred) SIEM: 5+ years (Preferred) (Splunk or Sentinel) Vulnerability Management Malware Analysis Threat Hunting Programming/Scripting in one language (PowerShell / Python / Bash)Required Qualifications 5+ years of recent cybersecurity experience required Two Cyber Security Certifications or one Advanced Certification (CISM, CISSP, SecurityX, Microsoft SC-200 and/or SC-100, Security+, CySA+, CEH, etc) Prior SIEM experience Tuning Alert triage Detection Engineering Incident Response Working knowledge of Operating Systems Fundamental Networking knowledge Detection Engineering