Security Job Offer (Help)

I'm a new graduate as of last December who has a lot of technical support experience. All of my jobs up until leaving college involved me being a repair tech or service desk. I finally found that I wanted to get into the security field with the dream of being in a SOC doing blue/red sort of things.

There are no entry level SOC jobs so I'm building experience in the security world to get there. I left my full time service desk job to be a Security analyst on contract. I do lots of IT risk analysis and starting to dive into application security reviews for auditing. I'm surrounded by brilliant people and can ask questions.

The trouble I'm having is that another company I applied for around the same time finally offered a job. Security administrator. From what I understand this is focused on the access control side. Active directory and setting permissions in other applications. This is full time and pays way more than what my contract will give me. The question is which one do you all think will get me in a SOC?

My current contract is more about analyzing, asking questions and determining risk and vulnerabilities then suggest how to remediate. The second is more technical and focused on a single domain. Building GPOs and supporting life cycle of user accounts. Awesome But I feel like I may not get into a SOC with just that one domain.

Suggestions?

Find more posts tagged with

Comments

superbeast

How long have you been doing contract work? If it's been a while, you could use that experience in conjunction with your new Sec Admin experience to jump into SOC.

Synosis

Only about three months in... not long enough in my opinion. I know I need need more time and experience. Perhaps I can pass this up even though it pays far more. I'm just hoping that I'm not passing up a SOC worthy opportunity. Application Security isn't directly related but I still get knowledge of some aspects

superbeast

I searched SOC jobs on indeed in DC area and found a couple of experience requirements so maybe review a couple of SOC job postings to see what job would better suit those needs, the Sec Admin job or your contracts jobs. Below is a snippet of one that I found....

"Eight years of security engineering experience involving a broad range of security technologies to include wide area networks, host and network IDS, virtual private networks, remote access, Web Application and Firewalls. Contractor must have the following skills: Demonstrated experience in investigating event data from sources such as Splunk, ArcSight, FireEye and other Intrusion Detection Systems and being able to come to appropriate conclusions about the nature and impact of the event.; The ability to read and interpret log files from a variety of sources that must include firewalls, web servers, Linux servers, Windows Desktops, Windows Servers, and VMWare ESX hosts.; The ability to analyze data from a variety of sources over time and create a logical narrative of observed behavior."

"[h=3]Qualifications:[/h]

Ability to work non-core hours (swing or night shift) if necessary
Familiarity with Computer Emergency/Incident Response (CERT/CIRT) procedures
Strong working knowledge reviewing IDS, Firewall and other security logs
Experience with monitoring Security Information and Event Management (SIEM) solutions and analyzing SIEM data
Familiarity with various network and host-based security applications and tools, such as network and host assessment/scanning tools, network and host based intrusion detection systems, and other security software packages
Understanding of Anti-Virus solutions, Intrusion Detection/Prevention Systems, Firewalls, Vulnerability Assessment tools, Web Proxies and Active Directory
Well versed on network protocols
Well versed on the latest attacks, vulnerabilities, and trends associated with cyber security
Excellent communication skills with the ability to provide the appropriate level of detail (verbal and written) to both technical and non-technical personnel"

Kalabaster

Why specifically do you want to be in a SOC? It's a very rare and mature SOC that participates in blue/red exercises, usually that's not something you see. Generally a SOC is a ticket farm, like a service desk position, with tiers. Lowest tier handles spam and phishing, elevating emails with attachments to higher tiers for malware analysis. Higher tiers get into IDS monitoring, traffic analysis (reading PCAPS and netflow in a psuedo IR role), and possibly some malware analysis. Note that red team blue team exercises are not a general part of the role. I think the only place I've seen that tries to do that within the SOC is Target, over in Michigan, or Milwaukee, or wherever it is.

My 2 cents is to take the admin job, use the extra pay to get in some training, and land a more dedicated role in a security team as a mid level or higher guy. No need to start back at the bottom if you can avoid it and have relevant experience, and you can certainly spin the sec admin spot as relevant experience.

Synosis

Kalabaster wrote: »

Why specifically do you want to be in a SOC? It's a very rare and mature SOC that participates in blue/red exercises, usually that's not something you see. Generally a SOC is a ticket farm, like a service desk position, with tiers. Lowest tier handles spam and phishing, elevating emails with attachments to higher tiers for malware analysis. Higher tiers get into IDS monitoring, traffic analysis (reading PCAPS and netflow in a psuedo IR role), and possibly some malware analysis. Note that red team blue team exercises are not a general part of the role. I think the only place I've seen that tries to do that within the SOC is Target, over in Michigan, or Milwaukee, or wherever it is.

My 2 cents is to take the admin job, use the extra pay to get in some training, and land a more dedicated role in a security team as a mid level or higher guy. No need to start back at the bottom if you can avoid it and have relevant experience, and you can certainly spin the sec admin spot as relevant experience.

You actually answered why I want to be in a SOC. IDS and traffic analysis are the most interesting parts. I love the idea of investigating traffic on a network and figuring out what the hell is going on. Maybe I don't need to be in a SOC but that is the general goal. But I understand which is why this decision is decision is hard. They both lead towards security but I just don't understand what can lead into those advanced roles. Thanks for the job descriptions in DC