- Review alerts and signatures from security tools and appliances to distinguish genuine threats from false positives; identify the SIEM sensors and log sources appropriate to the organization, onboard their input, and escalate or share events on request.
- Monitor and analyze logs and events daily to determine whether any of them constitute a genuine security incident.
- Follow up on incident-related requests and ensure that the relevant managers are kept informed.
- Collect and document data, and provide concise reports, dashboards and data visualizations that support managers' decision-making, including daily data reports for the relevant manager.
- Serve on the security incident response team: handle significant security incidents and alerts, investigate the root cause in collaboration with other security teams, establish corrective controls and minimize the impact.
- Create, maintain and update cyber threat dashboards supporting SOC operations, threat hunting and cyber threat intelligence, as well as executive dashboards on cyber operations performance.
- Work with Splunk Enterprise Security.
- Research and incorporate current international practice in security operations management.
- Document all incidents and write a clear narrative that supports the conclusions reached.
- At least three years' experience in network and information security, including one year with Splunk.
- Good knowledge of SIEM tools, architecture and how they work.
- Experience in troubleshooting and managing firewall and IPS technologies (e.g. Cisco, Fortinet, Sophos, Juniper)
- Demonstrated knowledge of security protocols and technologies, and of the IT security controls associated with firewalls, email, web, endpoints, operating systems, IPS/IDS, cryptography and networks.
- High integrity, responsibility, honesty and professionalism.
- Good knowledge of English.
- Ability to work in a team environment.
- Experience installing, integrating, evaluating, enhancing, maintaining, testing and troubleshooting Splunk indexers, searches, reports and dashboards.
- Fluent in network security and familiar with malware analysis.
- Certifications such as Security+/SSCP, CCNA Security, SANS SEC504, SANS SEC503, Splunk courses, CEH.
- Strong communication skills.
- Security Operations support experience.
- Knowledge of security standards such as ISO 27001, ISO 22301 and PCI DSS.