• Monitor, review, and investigate events generated by the SIEM on a daily basis.
• Create trouble tickets for reported issues.
• Perform initial classification and severity labeling of each new incident.
• Develop and deploy IDS signatures for known and emerging threats.
• Investigate alerts triggered by security tools and appliances to distinguish genuine threats from false positives.
• Recognize potential, successful, and unsuccessful intrusion attempts, and carefully analyze the relevant event details and summary information.
• Write custom scripts to automate repetitive tasks.
• Perform vulnerability scanning to discover and analyze vulnerabilities and characterize risks to information system components.
• Recommend appropriate remedial actions to mitigate identified security vulnerabilities.
Requirements
• A Bachelor's Degree in Computer Science, Information Technology or Information Security (Master's Degree preferred).
• Minimum 3 years of experience with the incident response process, including detecting advanced adversaries, log analysis using SIEM tools, and malware triage.
• Technical knowledge of information security standards and protocols, as well as an understanding of cyberspace threats and vulnerabilities.
• Experience in deploying IDS/IPS technologies.
• Experience in deploying and operating vulnerability scanning infrastructure and services.
• Strong knowledge of SIEM tools.
• Ability to write advanced SIEM queries and create reports.
• Ability to monitor and track multiple issues simultaneously.
• Ability to present analysis results and findings in an organized and professional manner.