Information Security Analyst
As an L2/L3 Information Security Analyst, you will receive incidents escalated from the L1 SOC, take ownership of the findings and drive the incidents through to remediation.
You continuously operate the Security Incident process as part of the team, driving the resolution of identified issues and bringing experience and expertise above the L1 SOC level. The role works in shift mode (24/7) after the initial ramp-up period. Minimum of 5 years of professional experience as a SOC Analyst (L1 or L2), threat researcher or hunter, or in a comparable role dealing with incident handling, alert tracking and cybersecurity case management.
Required Professional Expertise:
- Bachelor’s degree required or equivalent combination of education and experience.
- 3-5 years of professional experience as a SOC Analyst (L1 or L2), threat researcher or hunter, or in a comparable role dealing with incident handling, alert tracking and cybersecurity case management.
- Keen to keep developing in information security and security operations.
- Schedule flexibility for a "follow the sun" model (after the initial ramp-up period).
- Experience developing and maintaining playbooks/runbooks and/or Standard Operating Procedures in a SOC environment.
- Troubleshooting, reasoning, and analytical problem-solving skills.
- Ability to communicate technical details effectively in writing and verbally to junior IT personnel and management.
- Experience and deep understanding of cybersecurity tools, including SIEM, IDS/IPS, antivirus and endpoint detection & response solutions.
- Strong working knowledge of security-relevant data, including network protocols, ports and common services: TCP/IP, application-layer protocols (e.g. HTTP/S, DNS, FTP, SMTP) and directory services such as Active Directory.
- Experience with Linux, Windows, iOS, and Network Operating Systems.
- Working knowledge of Routing and Access Control Devices.
- Understanding of leading cybersecurity frameworks such as NIST, MITRE ATT&CK, ISO 27001 and the CIS Controls (formerly the SANS Top 20).
General knowledge of:
- Windows Servers including Windows Event Log, Active Directory, domains, GPOs and permissions, etc.
- Linux Servers including general configuration, system logs, cron jobs, firewalls, tunnels, etc.
- Networking devices and hardware, configuration, and syslog management.
- Scripting languages including but not limited to Python, Perl and Bash.
- Security+, CEH, GSEC or equivalent mid-level technical certification.
- Basic knowledge of SQL.
- C, C++, C#, Java or PHP programming languages.
- CISSP, GCIH, GSEC, GCIA, GCED, GCWN, GMON, GCDA or other equivalent.
- Language proficiency in French, German.
- Education or experience in Data Science and/or Machine Learning.
Essential Duties and Responsibilities:
- Monitoring and analysis of cybersecurity events using IBM QRadar (SIEM), IDS, Cylance (endpoint protection), Secureworks Red Cloak (EDR) and McAfee antivirus.
- Correlation of security events received from the L1 SOC, Incident Response staff or other relevant sources to determine whether they indicate increased risk to the business.
- Recognizing potential, successful and unsuccessful intrusion attempts and compromises through review and analysis of relevant event detail and summary information.
- Development and execution of SOC procedures.
- Educating and coaching L1 colleagues.
- Triaging security events and incidents, detecting anomalies, and reporting and directing remediation actions.
- Ensuring the confidentiality and protection of sensitive data.
- Analysis of phishing emails reported by internal end users for cases escalated beyond L1.
- Working with remediation teams (IT Infrastructure & Operations) on event and incident mitigation.
- Following up on remediation activities.