Cyber Security Analyst L3

Cyber Security Analyst L3

Key Responsibilities:

1. Threat Investigation & Incident Response:

• Develop and implement advanced investigation strategies for cybersecurity incidents.
• Conduct detailed log analysis to identify threats, anomalies, and potential breaches.
• Perform malware analysis to understand behavior and mitigate threats.
• Manage end-to-end incident response processes and root cause analyses.

2. Open-Source SIEM Expertise:

• Operate and integrate open-source SIEM platforms such as Wazuh, AlienVault, and others.
• Configure and fine-tune SIEM to enhance log ingestion, rule creation, and threat detection.

3. Endpoint Detection and Response (EDR):

• Investigate incidents using EDR solutions like Microsoft Defender, CrowdStrike, Carbon Black, and SentinelOne.
• Analyze endpoint telemetry and execute threat hunting processes.

4. Cloud Security:

• Conduct cloud security reviews for platforms such as AWS, Azure, and Google Cloud.
• Provide recommendations to strengthen cloud architecture and user authentication processes.

5. Server Hardening & CIS Benchmarks:

• Implement server hardening techniques based on CIS benchmarks.
• Perform security assessments to address identified vulnerabilities.

6. Threat Intelligence & SOAR Integration:

• Leverage threat intelligence platforms to proactively identify and mitigate potential threats.
• Work on SOAR (Security Orchestration, Automation, and Response) platforms to automate incident handling processes.

7. Incident Handling & Communication:

• Lead incident handling efforts, coordinating with internal and external stakeholders.
• Provide clear, concise, and actionable communication to technical and non-technical audiences.

8. Linux & Log Analysis:

• Review and analyze Linux system logs to identify potential security issues.
• Investigate unauthorized access attempts and system anomalies.

9. Client Management:

• Collaborate with US-based clients, ensuring their cybersecurity needs are met.
• Deliver regular reports, updates, and recommendations to clients.

Required Skills and Qualifications:

• 10+ years of hands-on experience in cybersecurity, incident response, and threat investigation.
• Expertise in open-source SIEM platforms like Wazuh, AlienVault, and their integration.
• Proficiency with EDR solutions such as Microsoft Defender, CrowdStrike, Carbon Black, and SentinelOne.
• Strong knowledge of cloud security best practices and architecture reviews.
• Experience in server hardening following CIS benchmarks.
• Familiarity with SOAR platforms and threat intelligence tools.
• Solid understanding of Linux systems and log review methodologies.
• Excellent communication skills for client interactions and technical reporting.
• Proven ability to work with international clients, especially in the US.

Preferred Certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Incident Handler (GCIH)
• Certified Ethical Hacker (CEH)
• Microsoft Certified: Azure Security Engineer Associate
• AWS Certified Security Specialty

This role provides an excellent opportunity for growth and exposure to advanced cybersecurity practices while working with a global team. Apply now to join a dynamic and forward-thinking organization!