Smts Information Security

Overview:
**WHAT YOU DO AT AMD CHANGES EVERYTHING**

We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences - the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives. This is who we are at our best. One Company. One Team.

AMD together we advance_

**Responsibilities**:
- The Security Operations Center is the central nervous system for enterprise information security responsible for monitoring, detecting, categorizing, analyzing, and initiating response to security incidents.

As a Tier 3 SOC Analyst you will be a senior-level expert at identifying and responding to cyber threats against AMD. You will have a high degree of freedom (within CSIRT best practices and the AMD incident response model) to investigate novel and complex threats, then will develop knowledge, playbooks, and automation to make yourself as well as junior analysts more effective.

THE PERSON:
KEY RESPONSIBILITIES:

- Threat hunting and forensic analysis. Where junior analysts follow defined scripts for defined threats, you will use sound DFIR methodology to creatively find new and unusual threats, and use malware analysis and endpoint/network/memory forensics to determine the reach of a threat identified by the front line.
- Identify and digest threat data from various open and closed sources, correlating it against environmental context to produce threat intelligence. Validate for actionable items, and take appropriate actions to mitigate risk.
- Incident handler with experience handling sensitive/need-to-know incidents. You will understand CSIRT best practices and the AMD incident response model, and will adapt both as appropriate to resolve specific incidents. You will coordinate with external teams to get the support needed for incident closure.
- Train junior analysts on incident response process and tasks. Constantly improve DFIR processes and procedures to improve speed and accuracy.
- Understand, use, monitor, and optimize existing SIEM rules and SOAR processes. You will continually look for ways to improve detection accuracy and reduce false positive alerts, and for ways to accelerate or automate response processes.
- Propose and develop new use cases and playbooks/SOPs. You will propose and develop automation for recurring incidents and incident tasks, and will identify and onboard new datasources to support new threat detection and response use cases.
- Assist with operation, configuration, monitoring and tuning of an enterprise SIEM platform, including log collection specifications and infrastructure, and data source onboarding.
- Collaborate with technical and business experts from partner organizations including IT, Engineering, Finance, Audit/Compliance, HR/Legal, Corporate Investigations.
- Escalation point for a global 24x7x365 SOC environment
- Act as mentor and lead for other team members

IDEAL CANDIDATE WILL HAVE:

- 5+ years' experience as a SOC Analyst, or a Network Analyst with security scope, preferably in a large enterprise environment
- Experience in working with a geographically diverse team in multiple time zones around the globe
- Deep understanding of the ATT&CK matrix, with demonstrated experience building use cases and SOPs around the TTPs most relevant to your business.
- Proficient technical writing skills (documenting processes and procedures);
- Ability to solve problems and work through ambiguity and uncertainty;
- Proficiency in common scripting languages such as PowerShell, Bash, Python, etc.
- Proficiency with one or more SIEM query language
- Working knowledge of TCP/IP protocols, windows event logs, *nix audit logs, IDS alarms
- Experience configuring, tuning, monitoring, and supporting SIEM log collection and indexing infrastructure
- Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, HIDS/HIPS, AV, and Vulnerability Scanners.
- Expert level understanding of common and emerging security threats and vulnerabilities
- Self-motivated and proven ability to deliver end-to-end solutions in a high-tech and fast moving industry.
- Industry security certifications such as CISSP and relevant GIAC certifications
- Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization.

LI-NS2

Qualifications:

- Benefits offered are described: _AMD benefits at a glance.