- Candidates will have 1-3 years of experience as a Security/Network Administrator or equivalent knowledge.
- Knowledge of attack vectors (malware, web application, social engineering, etc.).
- Knowledge of TCP/IP protocols, network analysis, and network/security applications.
- Knowledge of various security methodologies and processes, and technical security solutions (SIEM, IPS/IDS, Firewall solutions)
- Foundational knowledge around IT Infrastructure (Network or Windows).
- Effective written and verbal communication skills with good analytical skills
- Responsible for working in a 24x7 Security Operations Center (SOC) environment.
- Monitor security email queues
- Perform analysis of log files and data outputs. Perform triage of incoming issues via email and ticket tracking system.
- Monitor SOC Hotline for general security related queries
- Monitoring and escalating logged Security Events.
- Provide Incident Response (IR) support as needed.
- Provide analysis based on threat and vulnerability reports.
- Monitoring log streaming continuity (confirming that log sources continue to deliver events to the SIEM).
- Provide tuning recommendations of security tools based on traffic patterns.
- Identify malicious or anomalous activity based on event data from firewalls, WAF, IPS, Proxy, Email Gateway, DLP, Endpoint Solutions and other sources.
- Initiating escalation procedures when triggers and thresholds are met.
SOC Operations: operate SIEM environment in a manner that meets all Service Recipient requirements, including:
- Minimizing cyber security attacks with the ability to capture, load and analyze all types of Security Events in near-real-time
- Defining collection points and tuning rules as needed to avoid false positives
- Monitoring Services and reacting to triggered alerts
- Running correlated rules against historical data
- Monitoring threat feeds, the latest vulnerabilities and the latest security news items
- Checking for a false positive before alerting Service Recipient of a Security Event
- Prior experience with one or more of the following tools: SIEM, Firewall, AV, IPS/IDS, WAF, Proxy and Email Security.
- Experience with cloud-based systems such as AWS
- Relevant certifications such as Security+, CySA+, CEH, or a related certification.