CCS Global Tech is a rapidly growing Information Technology company with a diverse portfolio of technology products and services and a large network of industry partnerships. With over 22 years of being a successful business with a global talent pool and presence, CCS is a certified Microsoft Gold Partner and specializes in delivering expert Microsoft based solutions for technical and business needs. We have been recognized by Inc. 500 Magazine as one of the fastest growing small companies in the Unites States.
we are a Tier 1 vendor for the City and County of San Francisco for Cloud Services, Staffing Services and Training Services. For this multi-year opportunity with a diverse set of needs to address, we are currently focusing on establishing partnerships with individuals as well as companies who can help us enhance our overall service portfolio, cut lead times, and ultimately help us deliver successfully. We currently hold sizable Government accounts in the San Francisco bay area including City and County of San Francisco, San Mateo County, and Santa Clara County.
We take great pride in our global reach and local influence. Your experience alongside our highly skilled and talented internal team who guide you along the way, offers key insights into what helps you stand out in a competitive job market.
If you are a partner company, please submit resumes with contact information of your own W2 Consultants only. Submitted consultants are expected to have excellent communication skills.
Roles/Responsibilities:
This position is 100% remote and will participate in a monthly on-call rotation supporting a 24x7 security operations center serving multiple state agencies. Other after-hours work may be required as needed.
- Primarily assist in the planning, design, deployment, administration and operational support of enterprise SIEM and XDR capabilities, Including:
Palo alto cortex XSIAM and Cortex XDR platform engineering, configuration, optimization and troubleshooting multi-tenant agency onboarding, tenant-specific configuration, role-based access, data segregation, dashboards and reporting detection engineering, correlation rules, analytics, threat-hunting queries, watchlists, suppression logic and false-positive reduction
- Secondarily assist in the planning, design, deployment and operational support of log management and security data pipelines, including:
Cribl data modeling, log pipeline design, routing, parsing, normalization on, enrichment, filtering, replay and ingestion onboarding and health monitoring of cloud, endpoint, network, identity, SaaS and custom application telemetry log volume, retention, performance and cost optimization while maintaining security and compliance requirements
Integrations with ticketing, case management, notification, identity, threat intelligence and other enterprise systems as needed
- Develop, test, deploy and maintain automated response workflows and playbooks for enrichment, triage, containment, escalation, notifications, case management and incident response.
- Create and maintain operational runbooks, standard operating procedures, escalation matrices, troubleshooting guides, architecture diagrams, data-flow documentation, use-case catalogues and analyst knowledge articles.
- Support tier 1 through tier 3 soc analysts and incident responders through platform troubleshooting, detection tuning, threat hunting, technical escalation, knowledge transfer and shift handoffs.
- Monitor and report on ingestion health, platform availability, alert volumes, detection coverage, false positives, service levels, mean time to detect, mean time to respond and tenant-specific operational metrics.
- Ensure high availability, resilience, backup, recovery, lifecycle management and controlled change processes for SIEM, XDR and supporting log pipeline services.
- Collaborate with security architects, engineers, analysts and agency stakeholders to align solutions with business goals, industry-standard frameworks, regulatory requirements and organizational risk tolerance.
Mandatory Skill:
- Bachelor's Degree in an Information Technology or Information Security related field (8+ years of relevant work experience may be substituted in lieu of education)
- 5+ years of experience support large IT environments and/or system deployments
- Hands-on experience with Palo Alto Cortex, XSIAM, and Cortex XDR design, implementation, administration and operational support.
- Experience engineering and supporting SIEM capabilities for multi-tenant environments and 24x7 Security Operations Center operations.
- Experience developing and tuning detections, correlation rules, analytics, threat-hunting queries, dashboards, reporting and alert suppression logic.
- Experience creating and managing complex playbooks
- CRIBL Data Modeling, log pipeline design, parsing, normalization, enrichment, routing and ingestion.
- Experience developing automation, integrations, playbooks and response workflows using scripting languages such as Python and Bash.
- Experience onboarding and troubleshooting telemetry from cloud, endpoint, network, identity, SaaS, Linux, Windows and custom application sources.
- Strong understanding of enterprise security architecture, incident response, networking, access control, secure system design and industry-standard cybersecurity frameworks.
Desirable Skills:
- CISSP, Security+ or GIAC certification
- Palo Alto Cortex, Cribl or other relevant SIEM/security platform certification
- Hands-on experience operating Cortex XSIAM and Cortex XDR in a large, multi-tenant environment.
- Hands-on Cribl administration, data modeling and log pipeline optimization experience.
- Experience supporting Tier 1 through Tier 3 SOC analysts, threat hunting, incident response and 24x7 operational handoffs.
- Familiarity with industry-standard security and compliance frameworks and experience developing playbooks, runbooks, procedures and technical documentation.