WHAT YOU DO AT AMD CHANGES EVERYTHING We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives. AMD together we advance_ THE ROLE: The Security Operations Center is the central nervous system for enterprise information security responsible for monitoring, detecting, categorizing, analyzing, and initiating response to security incidents. As a Tier 2 SOC Analyst you will be part of the detection and response team identifying and responding to cyber threats against AMD. Under the direction of management or a senior analyst you will analyze and respond to well-defined threats and assist with more complex threats. THE PERSON: The ideal candidate will possess strong multi-tasking skills and enthusiasm for details and should think one step ahead of cybercriminals. They should have an insatiable curiosity and deep understanding of How Things Work from which to understand how things might be abused. They should be well prepared to thrive in a fast-paced environment, possessing strong interpersonal and communication skills. KEY RESPONSIBILITIES: Threat hunting and forensic analysis. Where junior analysts follow defined scripts for defined threats, you will use sound DFIR methodology to creatively find new and unusual threats and use malware analysis and endpoint/network/memory forensics to determine the reach of a threat identified by the front line. Identify and digest threat data from various open and closed sources, correlating it against environmental context to produce threat intelligence. Validate for actionable items and take appropriate actions to mitigate risk. Incident handler with experience handling sensitive/need-to-know incidents. You will understand CSIRT best practices and the AMD incident response model, and will adapt both as appropriate to resolve specific incidents. You will coordinate with external teams to get the support needed for incident closure. Train junior analysts on incident response process and tasks. Constantly improve DFIR processes and procedures to improve speed and accuracy. Understand, use, monitor, and optimize existing SIEM rules and SOAR processes. You will continually look for ways to improve detection accuracy and reduce false positive alerts, and for ways to accelerate or automate response processes. Propose and develop new use cases and playbooks/SOPs. You will propose and develop automation for recurring incidents and incident tasks, and will identify and onboard new data sources to support new threat detection and response use cases. Assist with operation, configuration, monitoring and tuning of an enterprise SIEM platform, including log collection specifications and infrastructure, and data source onboarding. Collaborate with technical and business experts from partner organizations including IT, Engineering, Finance, Audit/Compliance, HR/Legal, Corporate Investigations. Escalation point for a global 24x7x365 SOC environment. Act as mentor and lead for other team members. PREFERRED EXPERIENCE: 3+ years' experience as a SOC Analyst, or a Network Analyst with security scope, preferably in a large enterprise environment. Experience in working with a geographically diverse team in multiple time zones around the globe. Deep understanding of the ATT&CK matrix, with demonstrated experience building use cases and SOPs around the TTPs most relevant to your business. Proficient technical writing skills (documenting processes and procedures) Ability to solve problems and work through ambiguity and uncertainty Proficiency in common scripting languages such as PowerShell, Bash, Python, etc. Proficiency with one or more SIEM query language. Working knowledge of TCP/IP protocols, windows event logs, *nix audit logs, IDS alarms. Experience configuring, tuning, monitoring, and supporting SIEM log collection and indexing infrastructure. Experience working extensively with technologies such as IDS/IPS, NGFW, EDR, SIEM, HIDS/HIPS, AV, and Vulnerability Scanners. Expert level understanding of common and emerging security threats and vulnerabilities. Self-motivated and proven ability to deliver end-to-end solutions in a high-tech and fast-moving industry. Industry security certifications such as Security+ and relevant GIAC certifications Understanding of NIST Cyber Security Framework standard and requirements and ability to apply them to an enterprise environment. Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization. #LI-NS2 Benefits offered are described: AMD benefits at a glance. AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective laws throughout all stages of the recruitment and selection process.