Lead CyberSOC Engineer | Schlumberger

Job Details

Lead CyberSOC Engineer

Houston - United States

Job Summary:

The Lead CyberSOC Engineer will identify, analyze, communicate, defend, and contain information security incidents.

Roles and Responsibilities:

  • Possess all skills required of a CyberSOC Engineer (T2)
  • In-depth knowledge of most of the skills listed in the “Technical Skill” section
  • Ability to perform basic malware reverse engineering
  • Ability to perform memory analysis using tools such as Volatility or Rekall
  • Leverage forensic tools such as FTK, X-Ways, SIFT as part of an investigation
  • Use both internal and external threat intelligence to build threat detections and provide data enrichment
  • Threat Hunting
  • Evaluate tools/solutions for investigation and IR (Incident Response)
  • Ability to write scripts and automate
  • Conduct security gap analysis assessments, penetration testing / red-team assessments, and vulnerability assessments to identify security vulnerabilities
  • Maintain and employ a strong understanding of advanced threats, continuous vulnerability assessment, response and mitigation strategies used in cybersecurity operations
  • Mentor T1 and T2 analysts
  • Conducts network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems (IDS/IPS), firewalls, host-based security systems (HBSS), etc.
  • Correlates network activity across networks to identify trends of unauthorized use
  • Research emerging threats and vulnerabilities to aid in the identification of incidents
  • Analyze the results of the monitoring solutions, assess, and correlate the output using automated systems. Conduct triage, event correlation, classification, and analysis of these events such that incidents are investigated and logged or followed up using the existing information risk incident management processes
  • Provide pro-active feedback which will enable improvement of the current monitoring rules, based on information and knowledge/experience from Schlumberger and Industry best practices.
  • Capable of working unsupervised, but able to interact and give direction to business and IT (Information Technology) teams in line with established corporate security policies and processes.
  • Develops and maintains constructive and cooperative working relationships with team members
  • Demonstrates the ability to drive creative, innovative ways to solve problems or minimize risk
  • Consultative skills and ability to work cross-functionally
  • Focused and results oriented
  • Ability to react quickly, decisively, and deliberately in high-stress, high-impact situations
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one


Certifications (1 or more of the following required)

Current (not future or planned) certifications are preferable

  • SANS (SysAdmin, Audit, Network, and Security) GIAC (Global Information Assurance Certification) certification in Cyber Defense, Penetration Testing, Incident Response or Forensics
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • EC-Council certification: CEH (Certified Ethical Hacker), ECSA (Certified Security Analyst), CHFI (Computer Hacking Forensic Investigator), CND (Certified Network Defender)
  • Cisco Certified Network Associate (CCNA)

Technical Skills:

1. Incident Response - Security Risk

  • Strong troubleshooting and root cause analysis skills
  • Cyber outbreak management and the ability to differentiate malicious activity from directed attack patterns

2. Security Event Monitoring and Analysis

  • Log analysis / Windows event analysis
  • Security Information and Event Management (SIEM) – Chronicle and Splunk are preferred

3. Cloud Security

  • Cloud experience (e.g., Azure, GC (Google Cloud), AWS (Amazon Web Services), Alibaba Cloud, Yandex, G42)

4. Endpoint

  • Antivirus solutions (e.g., Microsoft Defender)
  • Strong Windows and Linux administration experience
  • Information Security tools & packet analysis tools (e.g., Cb, Wireshark)

5. Network Security

  • Firewall (e.g., Palo Alto Networks)
  • Internet Protocols and Services (e.g., TCP/IP, FTP (File Transfer Protocol), HTTPS, SSH (Secure Shell))
  • Intrusion Detection (e.g., IDS/IPS tools)
  • Network scanning tools (e.g., NMAP)
  • Networking infrastructure (Cisco is preferred)
  • Information Security tools & packet analysis tools (e.g., Cb, Wireshark)

6. Identity & Access Management

  • Azure Active Directory
  • Cloud Access Security Broker (CASB)
  • Federation
  • Conditional Access
  • Zero Trust

7. Forensics

  • Malware analysis and memory analysis
  • Network and Host forensics

8. Email security

  • Phishing detection tools (e.g., Proofpoint TRAP, CLEAR)

9. Threat Intel

  • Experience in analyzing threat intel feeds.

10. OT/IIoT Security

  • Awareness of SCADA (Supervisory Control and Data Acquisition) / IIoT (Industrial Internet of Things) technologies

11. Data Security

  • Data Loss Prevention tools (e.g., AIP (Azure Information Protection), IRM (Information Rights Management))

12. Compliance and Audit

  • Fair understanding of the NIST (National Institute of Standards and Technology) CS (Cyber Security) Framework

13. Vulnerability Management

  • Vulnerability Testing tools (e.g., Qualys, Kali)

14. Scripting/Automation

  • Programming/Scripting tools (e.g., Python, Bash, PowerShell, YARA-L)

15. Application Security

  • Fair understanding of threat modeling

16. Project Management

  • Basic project management experience

17. Common Technical Skills

  • SharePoint and PowerBI experience are an advantage
  • YARA-L, PowerShell or Python coding experience is an advantage

Overall Minimum Position Requirements:

  • Bachelor’s or master's degree in a technical field such as computer science, Cyber Security, Management Information Technology, Engineering, and Mathematics is strongly preferred
  • Information Security Experience:
    • For T3: 5-10 years
  • Must be able to work flexible hours including early/late shifts, weekends, and public holidays
  • Fluent in English
  • Ability to read and understand additional languages is a strong advantage
  • Effective communication skills
  • Must possess excellent work habits, a strong work ethic, and be able to adhere to company work hours, policies, and standard business etiquette
  • Ability to work under stress and resilience to support extended work shifts infrequently (during Cyber Operations)
  • Keen to follow a self-driven learning and development plan
  • Candidates must be able to work and reside in the US, without sponsorship

Work from Home policy adherence:

The Work from home policy is designed to improve people’s work-life balance, making it beneficial for both the employee and the company. It gives proper flexibility to allow employees, based on circumstances, to split the work hours (shift) between home and office, enhancing productivity. Work from home policies might apply to CyberSOC employees, and the final schedule will be determined by local country policies in agreement with CyberSOC manager.

Dedicated local Employee Teleworking Acknowledgement must be reviewed and accepted as part of the work from home policy. Employees’ acceptance of the Work from Home policy implies the following elements:

Enhanced online dexterity and proficiency in using company remote collaboration tools (Microsoft Teams, VPN (Virtual Private Networks) - Global Protect). Employees are responsible for making sure that all the tools and services are available and reliable to perform work duties effectively and in a secure manner. This includes, but is not limited to, stable, reliable and performant connectivity, proper laptop configuration with the latest protection clients, and provision of a secure environment, following company best practices for asset protection (secure Wi-Fi, cable lock, physically secure workspace).


CyberSOC Analyst is a tiered position with immediate progression within the team, reporting directly to the corresponding Cyber Security Operations Center manager. The titles and duties for each tier are highlighted below:

CyberSOC Analyst

CyberSOC Analyst (T1 – Tier 1) is expected to:

  • Demonstrate at least 2-3 of the skills listed in the “Technical Skill” section
  • Triage security events
  • Follow existing incident playbooks
  • Contribute to the improvement and creation of playbooks
  • Learn new skills across all technical domains
  • Use public cyber security resources (e.g., sites/blogs/podcasts) to stay up to date with latest news / threats
  • Show a commitment to progress towards T2

CyberSOC Engineer

CyberSOC Engineer (T2 – Tier 2) is expected to:

  • Possess all skills required of a CyberSOC analyst (T1)
  • In-depth knowledge of at least 5-6 of the skills listed in the “Technical Skill” section
  • Escalation point for Tier 1
  • Must be able to research, develop, and communicate solutions to detected security incidents in a timely manner
  • Use advanced analysis skills to isolate and diagnose potential threats and anomalous behavior
  • Mentor T1 analysts

Lead CyberSOC Engineer

Lead CyberSOC Engineer (T3 - Tier 3) See above initial description for Lead CyberSOC Engineer.


SLB is an equal employment opportunity employer. Qualified applicants are considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran or military status, pregnancy (including pregnancy, childbirth and related medical conditions), marital status, or other characteristics protected by law. We are an "Equal Opportunity Employer". For more information regarding your rights, refer to the latest version of the "EEO is the Law" poster, the "EEO is the Law-Supplement" poster, and the "Pay Transparency Nondiscrimination Provision" located here: https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm

We will endeavor to make a reasonable accommodation / modification to the known physical or mental limitations of a qualified applicant with a disability to assist in the hiring process, unless the accommodation would impose an undue hardship on the operation of our business, in accordance with applicable federal, state, and local law. If you believe you require such assistance to complete this form or to participate in the interview process, please contact accommodationhotline@slb.com to request assistance. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to.

We are committed to a culture where everyone feels like they belong. To learn more about our diversity, equity, and inclusion commitments, please visit our Diversity & Inclusion page on slb.com.

SLB is a VEVRAA Federal Contractor - priority referral Protected Veterans requested.