
Senior SOC Analyst

Posted by Capital International Staffing Ltd

Skills sought: Support, Network, Oracle, IP

Project description

Triage involves assessing whether a security incident, or the level of exposure of a vulnerability, is a true or false positive; tagging the incident or vulnerability with an initial severity classification; and activating the corresponding incident response playbook entry. A further objective of this service is to follow pre-defined procedures to perform technical tasks related to identity and access management.

Reference Tasks

The following list of tasks applies to this reference profile:

* Real-time monitoring of cyber defence and intrusion detection systems

* Automated processing (centralisation, filtering and correlation) of security events

* Human analysis of automatically correlated events

* Processing of incoming warnings, alerts and reports

* Triage based on verification, level of exposure and impact assessment

* Categorise events, incidents and vulnerabilities based on relevance, exposure and impact

* Open tickets and ensure case management

* Activate the initial response plan based on standard playbook entries

* Maintain the incident response address book

* Provide support to incident responders

* Advise affected users on the appropriate course of action

* Monitor open tickets for incidents/vulnerabilities from start to resolution

* Escalate unresolved problems to higher levels of support, including the incident response and vulnerability mitigation teams

* Configure the SIEM components for optimal performance

* Improve correlation rules so that the monitoring policy allows efficient detection of potential incidents. For a new component to be monitored, this encompasses:

  - Analysing risks and security policy requirements

  - Translating them into technical events targeting the system components

  - Identifying the logs/files/artefacts to collect from the monitored system and, if necessary, complementary devices to deploy

  - Elaborating the relevant detection and correlation rules

  - Implementing these rules in the SIEM infrastructure

  - Configuring and tuning cyber-defence solutions

  - Reviewing and improving the monitoring policy on a regular basis

* Integrate cyber-defence solutions for efficient detection

* Define dashboards and reports for reporting on KPIs

* Produce qualified reports (including recommendations) or alerts to SOC customers and follow up on actions

* Contribute to the design of the overall monitoring architecture, in close relationship with the customers/system owners on the one hand and the security operations engineering team on the other, by performing the following tasks:

  - Assessment of security event detection solutions and development of solutions

  - Integration of these solutions within the security monitoring scheme (log collection architecture, interoperability, formats, network aspects)

  - Deployment and validation of the solutions

  - Drafting documentation such as architecture design descriptions, assessment reports, configuration guides and security operating procedures

* Produce and maintain accurate and up-to-date technical documentation, including processes and procedures (the so-called playbook), related to security incidents and preventive maintenance procedures

* Management of identities and their related user accounts

* Management of groups, roles and other means of authorisation

* Solve incidents, requests and problem tickets from 1st-level support or internal customers related to identity and access management

* Maintain accurate documentation

* During security incidents, implement detection means to monitor attacker activities in real time

* During security incidents, support the incident response team in the review/analysis of security logs and visualise the attack

* Integrate IOCs into security solutions

* Take an active part in developing and improving the maturity framework, and have it understood and implemented by the team, by:

  - Designing and drafting the SOC processes and procedures framework

  - Implementing SOC processes and procedures, and deploying collaborative tools and dashboards

  - Coaching/training the team on the processes, procedures and tools

  - Regularly auditing and reporting on maturity to management

  - Reviewing and improving the framework

* Provide activity reports to management to demonstrate service SLA and service quality
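To make the triage description and the correlation-rule workflow above concrete, here is an added example that is not part of the job posting and not code from Capital International Staffing Ltd or the end customer. It implements one correlation rule of the kind a SOC analyst would elaborate for a newly monitored Windows host (repeated failed logons from one source, optionally followed by a success) over a constructed sample of normalised Security events, then runs the triage step: verification against an assumed scanner allowlist, impact assessment, severity tagging and selection of a playbook entry. The event sample, the threshold and window, the scanner allowlist and the playbook identifiers are all assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events (not real logs): a normalised subset of Windows
# Security event fields as a SIEM would present them.
# (timestamp, event_id, account, source_ip); 4625 = failed logon, 4624 = successful logon
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:01", 4625, "j.doe", "10.0.5.17"),
    ("2024-03-01T08:00:03", 4625, "j.doe", "10.0.5.17"),
    ("2024-03-01T08:00:04", 4625, "j.doe", "10.0.5.17"),
    ("2024-03-01T08:00:06", 4625, "j.doe", "10.0.5.17"),
    ("2024-03-01T08:00:07", 4625, "j.doe", "10.0.5.17"),
    ("2024-03-01T08:00:09", 4624, "j.doe", "10.0.5.17"),      # success right after the burst
    ("2024-03-01T08:10:00", 4625, "svc-scan", "10.0.9.9"),
    ("2024-03-01T08:10:01", 4625, "svc-scan", "10.0.9.9"),
    ("2024-03-01T08:10:02", 4625, "svc-scan", "10.0.9.9"),
    ("2024-03-01T08:10:03", 4625, "svc-scan", "10.0.9.9"),
    ("2024-03-01T08:10:04", 4625, "svc-scan", "10.0.9.9"),
    ("2024-03-01T08:10:05", 4624, "svc-scan", "10.0.9.9"),    # same pattern, but from a known scanner
    ("2024-03-01T09:00:00", 4625, "a.smith", "10.0.5.20"),    # one typo, then success: no alert
    ("2024-03-01T09:00:30", 4624, "a.smith", "10.0.5.20"),
    ("2024-03-01T10:00:00", 4625, "b.lee", "10.0.5.21"),      # five failures, but 3 min apart:
    ("2024-03-01T10:03:00", 4625, "b.lee", "10.0.5.21"),      # never five inside the window
    ("2024-03-01T10:06:00", 4625, "b.lee", "10.0.5.21"),
    ("2024-03-01T10:09:00", 4625, "b.lee", "10.0.5.21"),
    ("2024-03-01T10:12:00", 4625, "b.lee", "10.0.5.21"),
]

# Assumed allowlist of authorised vulnerability scanners. In a real SOC this comes
# from the asset inventory / monitoring policy, not from the rule itself.
KNOWN_SCANNERS = {"10.0.9.9"}

# Hypothetical playbook entry identifiers: outcome -> (severity, playbook entry).
PLAYBOOK = {
    "false_positive": ("informational", "PB-000-close-expected-activity"),
    "bruteforce_success": ("high", "PB-101-suspected-account-compromise"),
    "bruteforce_attempt": ("medium", "PB-102-bruteforce-attempt"),
}


@dataclass
class Alert:
    rule: str
    account: str
    src_ip: str
    failures: int
    succeeded: bool = False
    verdict: str = ""
    severity: str = ""
    playbook: str = ""


def correlate(events, threshold=5, window=timedelta(seconds=120)):
    """Correlation rule: at least `threshold` failed logons (4625) for the same
    account from the same source inside a sliding `window`, optionally followed
    by a successful logon (4624) for that pair within the window of the last failure."""
    failures = defaultdict(list)   # (account, src_ip) -> timestamps of recent 4625s
    alerts = {}
    for ts_str, event_id, account, src_ip in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_str)
        key = (account, src_ip)
        if event_id == 4625:
            # drop failures that fell out of the window, then add this one
            failures[key] = [t for t in failures[key] if ts - t <= window] + [ts]
            if len(failures[key]) >= threshold:
                alert = alerts.setdefault(key, Alert("win_logon_bruteforce", account, src_ip, 0))
                alert.failures = max(alert.failures, len(failures[key]))
        elif event_id == 4624 and key in alerts and ts - failures[key][-1] <= window:
            alerts[key].succeeded = True
    return list(alerts.values())


def triage(alert, known_scanners=KNOWN_SCANNERS):
    """Triage step: verify (known scanner -> false positive), assess impact
    (a success after the burst outranks a bare attempt), tag severity, pick playbook."""
    if alert.src_ip in known_scanners:
        alert.verdict, outcome = "false_positive", "false_positive"
    elif alert.succeeded:
        alert.verdict, outcome = "true_positive", "bruteforce_success"
    else:
        alert.verdict, outcome = "true_positive", "bruteforce_attempt"
    alert.severity, alert.playbook = PLAYBOOK[outcome]
    return alert


def run(events=SAMPLE_EVENTS):
    """Correlate, then triage every alert; returns the tagged alerts."""
    return [triage(a) for a in correlate(events)]


if __name__ == "__main__":
    for a in run():
        print(f"{a.account}@{a.src_ip}: {a.failures} failures, success={a.succeeded} "
              f"-> {a.verdict}, severity={a.severity}, playbook={a.playbook}")
```

Running it yields two alerts: j.doe from 10.0.5.17 is a true positive tagged high (five failures followed by a success), while the identical pattern from the allowlisted scanner closes as a false positive; a.smith and b.lee never trip the rule. The point for rule tuning is that the verification data (here the scanner allowlist) belongs in the triage stage, not hard-coded into the SIEM correlation itself, so the same rule can be re-used across monitored components while the monitoring policy is reviewed separately.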

Specific Requirements:
Minimum number of years of experience in the following:

5 years as a SOC analyst and/or first-line incident responder
5 years in Windows security event analysis
5 years in security analysis of firewall, proxy and IDS logs
3 years in writing and optimising IDS signatures (preferably Snort and/or Suricata)
5 years of strong knowledge in the security analysis of application or middleware logs (Oracle, Apache, WebLogic)
3 years in writing and optimising YARA rules
4 years in using SIEM tools
4 years in log management (ArcSight, Splunk or equivalent)
2 years in Snort or Sourcefire NGIPS / FireSIGHT
3 years in Check Point and Juniper firewalls
3 years in Blue Coat proxies
5 years in networking (TCP/IP, SNMP, DNS, syslog-ng)
3 years in configuring and tuning a SIEM
4 years of knowledge in network security solutions/technologies
4 years of knowledge in host-based security solutions

At least one of the following certifications:
GCIH (GIAC Certified Incident Handler)
GCIA (GIAC Certified Intrusion Analyst)
ECIH (EC-Council Certified Incident Handler)
CSIH (SEI Certified Computer Security Incident Handler)
SCPO (SABSA Certified Security Operations & Service Management Practitioner)

Capital International Staffing Ltd is acting as an Employment Business in relation to this vacancy.

Project details

  • Location:

    Brussels, Belgium

  • Project start:

    asap

  • Project duration:

    6 years

  • Contract type:

    Contract

  • Professional experience:

    Not specified
