● Monitor, review, and investigate events generated by the SIEM on a daily basis.
● Create trouble tickets for reported issues.
● Perform initial classification and severity labeling of each new incident.
● Develop and deploy IDS signatures covering a range of threats.
● Investigate alerts triggered by security tools and appliances to distinguish true threats from false positives.
● Recognize potential, successful, and unsuccessful intrusion attempts and perform careful analysis of relevant event detail and summary information.
● Write custom scripts to automate routine tasks.
● Perform vulnerability scanning to discover and analyze vulnerabilities and characterize risks to information system components.
● Recommend appropriate remedial actions to mitigate identified security vulnerabilities.
Requirements
● Familiar with the anatomy of attacks at each layer of the standard TCP/IP model.
● Familiar with log structures and formats.
● Fluent in TCP/IP concepts (Network+ level).
● Mastery of basic security concepts at a minimum of Security+ and CEH level.
● Familiar with SIEM and Log Analyzer technologies.
● Familiarity with enterprise network topology and architecture is a bonus.
● Ability to work rotating shifts in a 24/7 operation.
● Fluent in English.
● Ability to prioritize and multitask.
● Capacity for self-study and high personal integrity.
● Sufficient teamwork experience.
● At least 2 years of experience in cyber security or network security.