Responsibilities:
• Administer and monitor the SIEM environment in order to detect suspicious events and anomalous activity.
• Perform security monitoring.
• Onboard alerts into the SOC.
• Create reports on gathered security data in order to provide visibility on the security posture to the different stakeholders.
• Support or contribute to the different levels of the incident response process in case of confirmed incidents.
• Support and contribute to the execution of incident simulation exercises for validation and improvement of the overall incident response capabilities.
• Operate and optimize security processes and tools.
• Maintain security records of monitoring and incident response activities.
• Produce situational and incident-related reports.
• Create, modify, and update Network Intrusion Detection Systems (NIDS).
• Create, modify, and update Host Intrusion Detection Systems (HIDS).
• Monitor network traffic to detect potential threats.
• Correlate actionable security events from various log sources and Threat Intelligence (TI).
• Track suspicious network, application, and user behavior.
• Investigate breaches, gather evidence, and analyze data.
• Participate in team problem-solving efforts and offer ideas to solve the issues.
• Participate in implementing international IT and Information Security frameworks (e.g. ISO 27001/27002, NIST, CIS CSC).
• Participate in risk assessment activities.
General qualifications:
• 3+ years of operational experience in Information Technology & Information Security.
• Good written and verbal communication skills in English.
• University degree in Computer Science, Computer Engineering or another relevant field.
• Certifications such as CEH, Security+, ISO 27K, SANS would be considered an asset.
• Good interpersonal communication and presentation skills.
• Ability to be a team player.
• Ability to work effectively across multiple cultures and at a range of levels.
• Ability to constantly build up one's skillset using a mix of self-motivated and course-based learning.
• Ability to work independently and proactively, to see the big picture and work through solutions as needed.
• Good knowledge of Windows, Linux, databases (MySQL, NoSQL), antimalware, IDS and other security technologies.
• Basic understanding of virtualization and software-defined data center concepts.
• Knowledge of the OSI reference model and networking fundamentals (switching, routing, load-balancing, firewalling).
• Understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS.
• Basic understanding of the cryptographic functionality within such protocols would be an advantage.
• Familiarity with security regulations and standards.

Technical qualifications:
• Strong understanding of Information Security.
• Good knowledge of NGFW, IDS/IPS, endpoint security, etc.
• Deep understanding of the Risk Management Framework.
• Familiarity with security regulations and standards.
• Deep knowledge of network security monitoring.
• Deep knowledge of host security monitoring.
• Good knowledge of Threat Intelligence.
• Experience with international IT and Information Security frameworks (e.g. ISO 27001/27002, NIST, CIS CSC) and ideally with IT audit practices is an advantage.
• Experience with SIEM or other log analysis solutions.
• Experience with digital forensics and malware analysis would be an advantage.