— analysis and verification of security threat monitoring alerts to produce incident identification, classification and prioritization;
— create, improve and maintain security monitoring alerts based on correlation of different sources of data;
— operate and maintain various IDS/IPS, working closely with security/network architects to take security monitoring and defences to the next level;
— respond to security incidents and investigations, working closely with customers and IT providers and following SLA requirements;
— conduct forensics/malware analysis to extract indicators of compromise for further mitigation and containment, evaluating incident scope and impact;
— report to the SOC Manager and the involved customer CISO/CIO.
— Computer/Telecommunications Engineering degree or a related discipline;
— strong technical understanding of network fundamentals and common Internet protocols;
— knowledge of system administration and security architecture;
— a degree of familiarity with the main security monitoring tools (FW, IDS/IPS, Endpoint security, WAF, SIEM);
— fluent in English (written and spoken);
— self-motivated with the ability to work independently and as a team member in a challenging environment.
— proficient in understanding operating systems and their architectures: Windows, Unix/Linux and OS X;
— programming or scripting in Bash, Python or PowerShell;
— good understanding of the cyber security landscape: cyber kill chain, TTPs, threat intelligence and malware distribution networks;
— good understanding of information security concepts: defence in depth, BYOD management, data loss protection, risk assessment and security metrics;
— scripting in Bash, Python or PowerShell;
— strong analytical and problem-solving skills;
— strong communication and presentation skills along with the ability to work in a highly collaborative environment;
— exhibits initiative, follow-up and follow-through on commitments;
— manages multiple priorities in a high-pressure environment;
— related Certification (GCIH, GCFA, GCFE, GREM, CISSP) is a plus.
The SOC analyst & incident handler role is a junior level position providing an opportunity to work in a fast-paced collaborative environment defending a variety of customers and their infrastructure from cyber threats. We are looking for someone who loves working in Information Security, who enjoys hunting the bad guys, protecting systems, identifying anomalies, who can think out of the box, who can understand what may happen if something is not working as expected.