Work from Office
Full Time
Responsibilities
- Monitor the infrastructure to detect cyber security events, triage them and follow established incident response processes
- Participate in incident analysis and response
- Participate in the evolution of use cases, incident response processes and other tasks performed by the team

Requirements
- Bachelor's or Master's degree in Computer Science, Computer Engineering, Software Engineering, Information Security or an equivalent degree
- Minimum of 4 years of experience in the Information Security field

Experience
- Identification and triage of cyber security events
- Deliver 24/7 monitoring of security alerts generated by SIEM tools (Azure Sentinel, QRadar, Cofense)
- Integrate with the CGI Security Orchestration and Response (SOAR) solution, pulling alert data from SIEM tools (Azure Sentinel, QRadar, Cofense) to support security analyst monitoring activities and gain investigation intelligence
- Run enrichment playbooks against the alert(s) to extract and augment the data provided with the initial alert, helping analysts with event classification and analysis
- Engage incident process playbooks to ensure standardization and enhanced SOC response capabilities when a security issue is declared
- Ensure SLA requirements are met and proper processes are used
- Post Security Incident Reports to the client's MSS Security portal
- Monitor for suspicious activities, including predefined threat signature criteria and indicators of attack
- Use pre-configured alerts to rapidly identify suspicious activities
- Respond to generated security events and assess whether a valid security incident has occurred
- Notify the client's designated contacts and recommend next steps if an incident is identified
- Collaborate with the hardening team to address security events that have been determined to be false positives
- Recommend improvements to dashboards and Sentinel tuning/normalization to the hardening team as applicable
- Triage and assessment of potentially infected Windows hosts
- Response to phishing campaigns
- Response to cyber security events in Microsoft Office 365

Tools Support
- Monitoring: working knowledge of systems such as SIEM, EDR, antivirus, Splunk, MS Defender

Knowledge and Skills
- Security is a passion
- Experience with Splunk, QRadar and Azure Sentinel is a must
- Knowledge of malware investigations and remediation
- Good understanding of the Windows operating system and protocols such as TCP/IP, HTTP, SMTP
- Strong analytical and investigative skills
- Strong technical and learning agility; able to adapt to constantly evolving threats, domains and technologies
- Good written communication skills
- Ability to work independently and under pressure

Skills: Security Infrastructure Support, Security Operations Center, Splunk, Vulnerability Management (IAVM)
CGI