This job offer is archived and is no longer available.
Open job offers can be found under Projects.

Security Analyst - SOC Security Operations Centre

Posted by IQ ESM

Skills sought: Network, Oracle, Linux, SQL

Project description

Security Operations Analyst/SOC Analyst required for a 12 month contract in Luxembourg. The candidate will need to be bilingual, with written and spoken French and English. Ideal candidates will be able to interpret information coming out of the SIEM and refine the SIEM configuration to improve the quality of alerting.

Full Job Spec:
1) Perform second level security event analysis for the systems monitored by the Security Operations Centre.

The Security Analyst will focus specifically on network components such as firewalls, proxies, web application firewalls, intrusion detection systems, network behaviour analysis devices and network forensics solutions.

They may also get involved with events from many other types of components, such as Oracle DBs, Solaris/Linux servers, Windows and Exchange servers, network security devices (firewalls, proxies, intrusion detection systems) and middleware systems (WebLogic application servers, ColdFusion).

The main tasks of a level 2 security analyst are to:

-review the Security Information and Event Management (SIEM) tool interface, as the tool correlates and aggregates alert data from multiple systems and device logs
-perform an exhaustive daily analysis of the events/alerts received, prioritising event review activities
-detect and assess alert severity and escalate to the next level or operational team as needed, following guidelines
-support the next escalation level in assessing the alert
-follow up escalated issues (mostly alerts escalated from level 1) for deeper assessment
-follow approved event review processes and procedures
-propose improvements to event review processes and procedures
-develop/maintain/improve the SOC processes and procedures framework
-prepare review reports
-prepare activity reports
-submit an End-of-Shift Report summarising activities for the shift
-respond to inbound phone (SOC line) and electronic requests

The following events will have to be reviewed and investigated (non-exhaustive):

-Excessive failed logon attempts by single or multiple accounts
-Logons at unusual/non-duty hours
-Unusual or suspicious patterns of activity
-Account management actions such as creating users and adding users to groups
-Unsolicited password resets
-Unsolicited modification of resource permissions (e.g. access control permission modification)
-Use of privileged user rights (use of privileged commands)
-Changes to system configuration (configuration files/registry), including modification of the filtering rules of a network filtering component
-Execution of unknown or unauthorised programs
-Attempts to circumvent auditing
-Unplanned system restarts and changes to system time
-Changes to system security policy
-Changes to security domains (e.g. creation or breaking of trust relationships)
-Use of other users' credentials
-Logging on interactively with daemon/service account credentials
-Misuse of privileges (processing data without authorisation)
-Unauthorised use of console ports
-Unauthorised changes to system configuration (hardware and software components/storage structure)
-Unauthorised export of information to media/backup
-Failed attempts to access information indicating a possible pattern of deliberate browsing
-Attempts to use unauthorised accounts or rights
-Attempts to access unauthorised resources (hosts, files, services)
-Account lockouts
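To make two of the listed review items concrete, here is an added example (written for this page, not part of the job posting or of any IQ ESM/ArcSight content) that runs simple detection logic over a handful of constructed sshd-style authentication log lines: it flags an excessive burst of failed logons for one account and successful logons outside duty hours. The log format, the five-failures-in-five-minutes threshold and the 08:00 to 18:00 duty window are all assumptions chosen for the illustration; a real SOC would tune them to its environment.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, time, timedelta

# Constructed sample lines in an sshd/auth.log-like format (not real data).
SAMPLE_LOG = """\
2024-03-04T09:12:01 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-04T09:12:05 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-04T09:12:09 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-04T09:12:14 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-04T09:12:20 host1 sshd: Failed password for alice from 10.0.0.5
2024-03-04T09:13:00 host1 sshd: Accepted password for alice from 10.0.0.5
2024-03-04T11:00:00 host1 sshd: Accepted password for bob from 10.0.0.7
2024-03-04T03:15:00 host2 sshd: Accepted password for carol from 10.0.0.9
2024-03-04T23:40:00 host2 sshd: Failed password for dave from 10.0.0.11
"""

# Assumed line layout: "<ISO timestamp> <host> sshd: <Failed|Accepted> password for <user> from <ip>"
LINE_RE = re.compile(
    r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$"
)


@dataclass
class LogonEvent:
    ts: datetime
    host: str
    account: str
    source: str
    success: bool


def parse_log(text):
    """Turn raw log text into LogonEvent records; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, outcome, account, source = m.groups()
        events.append(
            LogonEvent(datetime.fromisoformat(ts), host, account, source, outcome == "Accepted")
        )
    return events


def detect_failed_logon_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one account accumulates `threshold` failures inside a sliding `window`.

    A per-account deque holds the timestamps of recent failures; once it fills to the
    threshold an alert is emitted and the deque is cleared so one burst yields one alert.
    """
    alerts = []
    recent = defaultdict(deque)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.success:
            continue
        q = recent[ev.account]
        q.append(ev.ts)
        while q and ev.ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"account": ev.account, "count": len(q), "first": q[0], "last": ev.ts})
            q.clear()
    return alerts


def detect_off_hours_logons(events, start=time(8, 0), end=time(18, 0)):
    """Return successful logons whose time of day falls outside the assumed duty window."""
    return [ev for ev in events if ev.success and not (start <= ev.ts.time() < end)]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for a in detect_failed_logon_bursts(evs):
        print(f"BURST  {a['account']}: {a['count']} failures between {a['first']} and {a['last']}")
    for ev in detect_off_hours_logons(evs):
        print(f"OFFHRS {ev.account} logged on to {ev.host} at {ev.ts} from {ev.source}")
```

In a SIEM these two checks would be expressed as a correlation rule (count of failures per account over a time window) and a filter on the event time, which is the kind of rule and filter work described later in this posting; the script shows the same logic in plain Python so the thresholds and the window semantics are explicit.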

In addition to the events listed above, activity will be reviewed for the following:

-Unusual or unauthorised activity by system administrators
-All system and security administration actions in particular
-Account management activities
-System object access
-Sensitive process start and stop

2) PARTICIPATE IN THE MANAGEMENT/ADMINISTRATION OF THE COMPONENTS UNDER THE RESPONSIBILITY OF THE SECURITY OPERATIONS CENTRE

This includes (but is not limited to) the following components:

-VMWare
-Windows Servers
-Linux Servers
-NetApp FAS Storage (NAS)
-Oracle Database
-ArcSight SIEM components (Logger, log forwarders, smart connectors, ESM, DB, Clients...)
-IDS/NBA
-Vulnerability scanning solutions
-Network/systems forensics solutions

The main activities will be to design, implement, operate, maintain and improve SOC detection capabilities. This includes developing/configuring/defining configuration policies, signatures, applying them and analysing the outcome.

3) PARTICIPATING IN THE IMPROVEMENT OF THE DETECTION MEASURES

The level 2 security analyst is also in charge of:

-proposing and implementing improvements in the SIEM tool, such as the creation and use of rules, channels, filters, dashboards, etc.;
-proposing improvements to the measures implemented for detecting attacks.

4) PARTICIPATING IN THE EVALUATION OF SECURITY SOLUTIONS

Participate in evaluating security solutions during POCs by developing test environments, integrating solutions, running test scenarios and generating results reports.

5) EDUCATION, KNOWLEDGE, SKILLS AND EXPERIENCE

-Mastery of a recognised common body of knowledge in the field of IT security (holding a security certification such as CISSP), or aiming to become CISSP certified
-Experience in security monitoring and/or incident handling; SANS GCIH certification is a real advantage
-Security vendor or GIAC (GCIA, GCFW, GHTO, GSEC) certifications desirable
-University degree or equivalent experience, in a relevant subject
-Very good command of English and French (written and spoken)
-Ability to participate in meetings, good communicator
-Strong teamwork abilities
-Experience working in a process-oriented workflow environment
-Ability to work well under pressure, meeting multiple deadlines
-Ability to work independently with minimum supervision
-Strong capabilities of self learning
-Potential to develop skills and learn new technologies;
-Enthusiasm and motivation to work are mandatory skills;
-Strong experience in network security (e.g. security aspects of TCP/IP, Cisco switches and routers, firewalls, VPN, network security scanning tools, IDS/IPS, Blue Coat proxies, reverse proxies, WAF, NetFlow, WiFi, VoIP, PKI, network incident troubleshooting and handling).

Experience in:

-Operating system security (e.g. Windows family, UNIX/Linux);
-Middleware and application security (e.g. database management servers like Oracle or SQL Server, web servers);
-Scripting languages (Perl, Windows scripting).

Interquest Group PLC is acting as an Employment Business in relation to this vacancy.

Project details

  • Location:

    Luxembourg

  • Project start:

    asap

  • Project duration:

    12 months

  • Contract type:

    Contract

  • Professional experience:

    Not specified

Required qualifications

IQ ESM