Intuition IT – Intuitive Technology Recruitment

Security Operations Center Analyst

On site

Brussels, Belgium

Freelance

12-05-2025

Expired

Job Specifications

The main objective is to cooperate with multiple departments and with technical and managerial personnel to improve the security posture of the organization on multiple levels/layers (network, software, apps, on-prem and cloud infrastructure, user training, etc.).
Main tasks to be performed
Real-time monitoring of cyber defence and intrusion detection systems
Automated processing (centralization, filtering and correlation) of security events
Human analysis of automatically correlated events
Processing of incoming warnings, alerts and reports
Triage based on verification, level of exposure and impact assessment
Categorize events, incidents and vulnerabilities based on relevance, exposure and impact
Open tickets and ensure case management
Activate initial response plan based on standard playbook entries
Maintain incident response address book
Provide support to incident responders
Advise affected users on appropriate course of action
Monitor open tickets for incidents/vulnerabilities from start to resolution
Escalate unresolved problems to higher levels of support, including the incident response and vulnerability mitigation teams
Configure the SIEM components for an optimal performance
Improve correlation rules to ensure that the monitoring policy allows efficient detection of potential incidents. For a new component to be monitored, this encompasses:
Analyzing risks and security policy requirements
Translating them into technical events targeting the system components
Identifying the required logs/files/artefacts to collect from the monitored system and, if necessary, possible complementary devices to deploy
Elaborating the relevant detection and correlation rules
Implementing these rules in the SIEM infrastructure
Configuring and tuning cyber-defence solutions
Reviewing and improving the monitoring policy on a regular basis
Integrate cyber-defence solutions for efficient detection
Define dashboards and reports for reporting on KPIs
Produce qualified reports (including recommendations) or alerts to SOC customers and follow-up on actions
Contribute to the design of the overall monitoring architecture, in close relationship with the customers/system owners, on the one hand, and the security operations engineering team, on the other hand, by performing the following tasks:
Assessment of security event detection solutions and development of solutions;
Integration of these solutions within the security monitoring scheme (log collection architecture, interoperability, formats, network aspects, …);
Deployment and validation of the solutions
Draft documentation such as architecture design descriptions, assessment reports, configuration guides, security operating procedures
Produce and maintain accurate and up-to-date technical documentation, including processes and procedures (the so-called playbook), related to security incidents and preventive maintenance procedures
Management of identities and their related user accounts
Management of groups, roles and other means of authorization
Solve incidents, requests and problem tickets from 1st Level Support or internal customers related to identity and access management
Maintain accurate documentation
During security incidents, implement detection means to monitor attacker activities in real time
During security incidents, support the incident response team in the review/analysis of security logs and visualize the attack
Integrate IOCs in security solutions
Take an active part in developing and improving the maturity framework, and have it understood and implemented by the team, by:
Designing and drafting SOC processes and procedures framework
Implementing SOC processes and procedures, deploying collaborative tools and dashboards
Coaching/training the team on the processes, procedures and tools
Regularly auditing and reporting on maturity to the management
Reviewing and improving the framework
Provide activity reports to management to demonstrate service SLA and service quality

Main Tools / Technologies
Splunk, MS Sentinel, EDR/XDR (FireEye HX, O365/M365 Defender / XDR), Malware Analysis / Reverse Engineering (REMnux / FLARE VM / multiple tools), Digital Forensics (Magnet Forensics, Autopsy, The Sleuth Kit, FTK Imager, EnCase and many other open-source tools), Incident Response (TheHive, MISP), Automation (Palo Alto XSOAR), FPC (Arkime/Moloch, Stamus IDS), Ticketing Systems (OTRS Storm, SNOW), Cloud (Azure, AWS), Vulnerability Assessment/Management (Nexpose, Nessus, Burp Suite Pro)

About the Company

IT'S NOT RECRUITMENT. IT'S BUSINESS TRANSFORMATION. We help businesses align their people, process and technology with their business strategy and vision. Recruitment companies find people who fit the job spec. We find the people that drive business forward, combining talent with technology to ensure a perfect fit for your CONTRACT and PERMANENT needs.
AREAS: Business Change & Transformation; Cloud & Enterprise; Cyber Sec, Data Analytics & Tech; ERP & Business Intelligence
VENDORS: Workday, ServiceNow, Salesforce...