Roles & Responsibilities
- Perform Security Event/Threat Monitoring as part of a 24x7x365 Security Operations Centre
- Day to day triaging ticket alerts, analyzing using threat intelligence and escalating when required
- Serve as a technical escalation resource for other SOC Analysts and provide mentoring for junior team members’ skill development
- Act as an incident responder for the Security Operations Center, leading technical investigations of security incidents and providing customers security expertise
- Conducting cyber threat research and analysis for purposes of improving visibility and development of the SIEM use case library and playbooks
- Conduct proactive “Threat Hunting” and investigations in the absence of any known indicator of compromise
- Contribute to the evaluation of new or updated security solutions with engineering
- Support and manage various Endpoint Detection and Response (EDR), Web Application Firewall (WAF), and Network Intrusion Detection (NIDS) solutions
Job Requirements
Hands-on working knowledge with a variety of security technologies and processes including but not limited to:
- 5 years of technical operations experience in Information Security, System Administration, or Network Engineering with at least 3 years of experience in a Security Operations Centre
- Advanced knowledge and expertise using SIEM technologies for event investigation
- Knowledge of Windows Active Directory, Group Policies, PowerShell
- Log analyses for Windows, Linux, Azure/O365/AWS/Google, network and end point security controls
- Knowledge of the MITRE ATT&CK framework to understand adversaries’ tactics and techniques
- Network fundamentals including OSI stack, TCP/IP, DNS, HTTP, SMTP packet capture and analysis
- Solid understanding of OSs including Windows and Linux
- Knowledge of Cloud technologies (AWS, Google Cloud, Azure)
- Knowledge of malware capabilities, attack vectors and impact
- Knowledge and experience in threat analysis
- Experience on: Vulnerability Scanning technologies, Firewalls, VPN technologies, IDS/IPS solutions, Web Application firewalls, Host based intrusion detection systems, Malware analysis and Endpoint Protection, Malware analysis and Endpoint Protection, EDR technologies and Content filtering technologies
- Should have experience in incident response and a working knowledge of IT Service Management disciplines and their application to security operations
- Ability to work in rotating shifts including weekends
Qualifications:
- Diploma / Degree in Computer Science or IT related field
- Preferred SANS GCIH or other equivalent Security certification/accreditation
- Excellent written and verbal communication in English is essential to support client and internal interactions
