Job
Description
In this role, you will be triaging, analysing, and remediating security incidents. You will be writing and delivering detailed investigation and analysis reports while maintaining technical documentation. You will work as part of follow-the-sun 24/7 SOC. Monitor security events and alerts from various sources. Execute predefined incident response playbooks related to identified security incidents. Collect, correlate, and analyze additional data to perform incident analysis and response. Support incident reporting to internal and external stakeholders. Collaborate with senior analysts to improve security processes. Who you are: Basic Qualification: Education: Bachelors in information technology, Computer Science or similar Field. Experience: Minimum 1 year of experience in a Cyber Security Operations Center (SOC) or related cyber security experience. Strong analytical and interpersonal communication skills, including the ability to communicate effectively Excellent verbal and written communication skills Technical documentation and writing Excellent team player that demonstrates proactiveness Mandate Skills: Experience with SOAR, SIEM, and EDR solutions. knowledge of Windows and Linux operating systems Strong analytical skills in threat, vulnerability, and intrusion detection analysis. Have a understanding of threat vectors as well as attacker techniques and tactics. Being a highly motivated individual with the ability to self-start, prioritize, and multi-task. The candidate should be able to react quickly, decisively, and deliberately in high stress situations. Strong verbal/written communication and interpersonal skills. Preferred Skills One or more widely recognized security certifications from renowned institutions such as GIAC/SANS, EC-Council, etc. Service-related expert knowledge: Knowledge of incident handling, protection of systems, networks, applications and data Confident handling of artifacts, IoCs and threat intelligence Case management experience and tools Experience with EDR and SIEM tools Alert triage and investigation, applying knowledge of the environment, understanding of the attack chain, and initial impressions of alerts to prioritize, validate, and investigate alerts. Case management classification and initial validation, documenting relevant details and observables Cyber security and technical knowledge: Experience with operating system security (Linux and Windows), anti-virus technologies and network security. Working knowledge of common TCP/IP based services and protocols such as DNS, DHCP, HTTP, FTP, SSH, SMTP, etc. Knowledge about firewalls, proxies/reverse proxies, IDS/IPS Knowledge of operating systems Ability to read and understand network and endpoint logs Basic Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, etc.) Consideration of laws, regulations, policies, and ethics (GDPR, etc.) Skills in writing queries for security and investigative tools Skills in applying incident handling best practices
