Opis posla

This role will support our clients’ Security Operations Centre. For this role, we’re seeking an individual with a strong background in EDR, XDR (CrowdStrike, Cortex XDR, Windows Defender, SentinelOne) and SIEM tools with a good level of expertise in navigating Windows and Linux file systems via the Command line or using PowerShell Experience scripting in (Bash, PowerShell or Python) is an advantage. Knowledge of Cyber security frameworks such as Martin Lockheed Kill Chain, MITRE ATT&CK, Pyramid of Pain and Diamond model of intrusion analysis. Solid understanding of Windows, Linux and or Mac process internals, structure and or information would be extremely beneficial.

The Analyst performs in depth investigation of security incidents, writes incident report with details of the investigation findings, initiates response actions if applicable and provides applicable recommendations and next steps to the client based on the findings from the investigation. The Analyst applies trusted advisor techniques on all engagements with clients.

What You’ll Do:

Services Delivery (65%)

  • Monitor, analyze, and triage cyber security alerts on the EDR/XDR tool by applying industry accepted analytics techniques and cyber security frameworks such as Kill Chain and MITRE ATT&CK.
  • Take ownership of in-scope cyber incident investigations.
  • Create, manage, and follow up on service tickets.
  • Monitor and manage request and incident queues and provide response and resolution within Service Level Agreement and Service Level Objective.
  • Follow defined processes for incident response.
  • Correlate event details within the incident timeline to identify malicious activities leveraging EDR/XDR tool.
  • Carry out extended searches for leveraging the SIEM platform to provide in depth investigation and identify full attack path where applicable.
  • Design, create, and update documentation as directed.
  • Research and analyze threat intelligence and indicators of compromise (IOC) for applicability during incident investigation.
  • Review alerts, decipher false positives, and follow through on incident investigations.
  • Initiate response actions via the EDR or XDR tool for incident remedial action.
  • Evaluate risk of security alerts and make appropriate recommendations to mitigate evaluated risks.
  • Update service tickets and cases with investigation evidence.
  • Apply Trusted Advisor techniques to build up client trust and influence loyalty.
  • Carry out rapid IOC searches based on given IOC obtained from threat intelligence feeds across clients’ endpoint/extended detection and response platforms.
  • Open technical support cases with respective vendors where applicable
  • Escalate issues encountered during the shift to the Manager.

Professional Development (35%)

  • Attend training sessions or shadowing activities and obtain industry-related certifications as determined by the Manager.
  • Participate in all in-house CTFs and self-paced training.

What You Need to Succeed:

Must-Have:

  • Bachelor’s degree (B.A./B.S.) or 3-year diploma in Engineering, Computer Science, or Technology related field

AND/OR

  • At least 1 year of work experience in supporting information technology/systems
  • At least one (1) technical certification in such as: QRadar, LogRhythm, Exabeam, Comptia Security+, Comptia CYSA, SANS: GCIA, GCIH, CEH, Microsoft Certified: Security Operations Analyst Associate.

Other Position Requirements:

  • The candidate must be proactive and pay attention to details.
  • Works collaboratively with other teammates.
  • Takes ownership and drives issues towards a resolution.
  • A good understanding of IT infrastructure systems, Cybersecurity fundamentals, vulnerability management fundamentals, endpoint and server administrations, network routing and switching, network traffic analysis and administration.
  • Ability to acquire technical skills and certifications required to effectively execute the role, develop familiarity with industry or specialty products/services, and apply the knowledge gained through training.
  • Ability to investigate problems and use standard operating procedures and processes to resolve them.
  • Good troubleshooting and problem-solving skills. Possess an innate curiosity and critical thinking mindset.
  • Ability to establish positive working relationships and contribute to team objectives in a consulting environment.
  • Good verbal, written communication skills and the confidence to engage the clients effectively.
  • Proven time management and organizational skills
  • Word, Excel, Visio, PowerPoint, and Outlook skills

Nice-to-have:

  • Previous experience working in a Security Operations Centre (SOC) environment or similar environment.

Essential Functions:

Although the position refers to a regular 40h per week job, one will be part of the team that provides a 7 day per week, 24 hour per day managed services operations. To accomplish the required coverage, one must be willing to work other shifts including weekends, holidays, and even overtime.

The above primary duties, responsibilities, and position requirements are not all inclusive.

Who we are:

PR Svetozarevo SOC Jagodina is a startup, providing Security Operations (SOC) Service to our clients.

Zahtevi

Neophodno znanje engleskog jezika.

Kako se prijaviti

Prijave za posao i CV slati na e-mail:  goran.kusic@svesoc.co.rs

Detaljnije

Apliciraj za ovaj posao

Prijavite se na NEWSLETTER

Unesite Vašu email adresui

Omogućio FeedBurner

REKLAMA

Kontakt

Pišite nam na email: info@brzodoposla.com

Povežite se sa nama

Poslovi po lokaciji!

REKLAMA