Senior Security Operations Analyst (Tier 3 SOC)

Year    Bangalore, Karnataka, India

Job Description


About Marvell

Marvell's semiconductor solutions are the essential building blocks of the data infrastructure that connects our world. Across enterprise, cloud and AI, automotive, and carrier architectures, our innovative technology is enabling new possibilities. At Marvell, you can affect the arc of individual lives, lift the trajectory of entire industries, and fuel the transformative potential of tomorrow. For those looking to make their mark on purposeful and enduring innovation, above and beyond fleeting trends, Marvell is a place to thrive, learn, and lead.

Your Team, Your Impact

Joining Marvell as a Tier 3 SOC Analyst, you will be a senior-level expert at identifying and responding to cyber threats against Marvell. The SOC is the central nervous system of the cybersecurity organization, a 24x7 service responsible for detecting, assessing, and responding to security threats globally. In this role you will have a high degree of freedom to hunt for and investigate sophisticated threats, and to develop detection logic, response playbooks, and automation to accelerate Marvell's ability to respond to emerging threats.

What You Can Expect

  • Act as a key advisor to the Cyber Operations Director on matters of security operations, bringing deep technical expertise to strategic discussions. You have an insatiable curiosity and a deep understanding of how technology and processes are supposed to work, from which to recognize ways in which they can be abused.
  • Threat hunting and forensic analysis. You will creatively find new and unusual threats, and will confirm the reach of threats identified by the front line.
  • Identify and digest threat data from various open and closed sources, correlating it against environmental context to produce threat intelligence. Validate for actionable items, and take appropriate actions to mitigate risk.
  • When needed and under the direction of the CSIRT program lead, you will act as Incident Commander to lead the response to and resolve specific incidents. You will coordinate with external teams to get the support needed for incident closure.
  • Communicate incidents at an appropriate level of detail to multiple levels of the company. Clearly and accurately communicate risks and trade-offs to business owners and company executives, enabling them to make informed decisions.
  • Train junior analysts on incident response process and tasks. Constantly improve DFIR processes and procedures to improve speed and accuracy.
  • Understand, use, monitor, and optimize existing SIEM rules and SOAR processes. You will continually look for ways to improve detection accuracy and reduce false positive alerts, and for ways to accelerate or automate response processes.
  • Propose and develop new use cases and playbooks/SOPs. You will propose and develop automation for recurring incidents and incident tasks, and will identify and onboard new datasources to support new threat detection and response use cases.
  • Collaborate with technical and business experts from partner organizations including IT, Engineering, Finance, Audit/Compliance, HR/Legal, and Global Security.
  • Shift lead, accountable for all SOC functions during your shift. Lead junior analysts, oversee their performance, guide and confirm their analytical conclusions, and ensure continuity for active cases shift to shift.
  • Escalation point for a global 24x7x365 SOC environment
  • Act as mentor and lead for other team members
What We're Looking For
  • 8+ years' experience in one or more security-relevant domains, including 5+ years as a SOC Analyst or as a Network Analyst with security scope, preferably for a 5000-person enterprise.
  • Experience working with a geographically diverse team across multiple time zones around the globe.
  • Strong communication skills and an ability to adapt a message to audiences ranging from technology SMEs to company executives to stakeholders in every business discipline.
  • Deep understanding of MITRE ATT&CK, with demonstrated experience building detection cases and playbooks around the tactics and techniques most relevant to your business.
  • Proficient technical writing skills (documenting processes and procedures).
  • Ability to solve problems and work through ambiguity and uncertainty.
  • Proficiency in common scripting languages such as PowerShell, Bash, Python, etc.
  • Proficiency with one or more SIEM query languages.
  • Working knowledge of TCP/IP protocols, Windows and Sysmon event logs, *nix audit logs, Microsoft 365 audit logs, and public cloud logs.
  • Experience configuring, tuning, monitoring, and supporting SIEM log collection and indexing infrastructure
  • Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, HIDS/HIPS, AV, and Vulnerability Scanners.
  • Expert level and continually expanding understanding of common and emerging security threats and vulnerabilities
  • Self-motivated and proven ability to deliver end-to-end solutions in a high-tech and fast moving industry.
  • Industry security certifications such as CISSP and relevant GIAC certifications or equivalent highly desirable.
  • Understanding of NIST Cyber Security Framework standard and requirements and ability to apply them to an enterprise environment.
  • Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization.
#LI-MN1Additional Compensation and Benefit ElementsWith competitive compensation and great benefits, you will enjoy our workstyle within an environment of shared collaboration, transparency, and inclusivity. We\xe2\x80\x99re dedicated to giving our people the tools and resources they need to succeed in doing work that matters, and to grow and develop with us. For additional information on what it\xe2\x80\x99s like to work at Marvell, visit our page.All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Marvell

Beware of fraud agents! do not pay money to get a job

MNCJobsIndia.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.


Related Jobs

Job Detail

  • Job Id
    JD3302821
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Bangalore, Karnataka, India
  • Education
    Not mentioned
  • Experience
    Year