This job posting is archived and no longer available.

SOC Analyst

Posted by Sanderson Recruitment Plc

Skills sought: Network, Oracle, Linux, Support

Project description

My client is an international telecommunications business and I am urgently looking for 2 Security Operations Centre (SOC) Analysts to be based on site at their client in Luxembourg. This role is a day rate contract and will be for an initial 6 months.

To support DIGIT LISO, DIGIT is looking for a senior Information System Security Technician (ISST) to deliver the following tasks:

PERFORM SECURITY EVENT MONITORING (SECURITY ANALYSIS LEVEL 2) FOR THE COMPONENTS MONITORED BY THE SOC

- Perform second-level security event analysis of systems monitored by the DIGIT Security Operations Centre.

Events to review will cover many types of components, such as Oracle DBs, Solaris/Linux servers, Windows and Exchange servers, network security devices (firewalls, proxies, intrusion detection systems) and middleware systems (WebLogic application servers, ColdFusion).

However, the senior Information System Security Technician (ISST) will specifically focus on network components such as firewalls, proxies, web application firewalls, intrusion detection systems, network behaviour analysis devices and network forensics solutions.

The main tasks of a security analyst level 2 are to:

- review the Security Information and Event Management (SIEM) tool interface, as the tool correlates and aggregates alert data from multiple systems and device logs;
- perform an exhaustive daily analysis of the events/alerts received, prioritising event review activities;
- detect and assess alert severity and escalate to the next level or operational team as needed, following guidelines;
- support the next escalation level in assessing the alert;
- follow up escalated issues (mostly alerts escalated from level 1) for deeper assessment;
- follow approved event review processes and procedures;
- propose improvements to event review processes and procedures;
- develop/maintain/improve the SOC processes and procedures framework;
- prepare review reports;
- prepare activity reports;
- submit an End-of-Shift Report summarising the activities of the shift;
- respond to inbound phone (SOC line) and electronic requests.

The following events will have to be reviewed and investigated (non-exhaustive):

* Excessive failed logon attempts by single or multiple accounts
* Logons at unusual/non-duty hours
* Unusual or suspicious patterns of activity:
  - Account management actions such as creating users and adding users to groups
  - Unsolicited password resets
  - Unsolicited modification of resource permissions (e.g. access control permission changes)
  - Use of privileged user rights (use of privileged commands)
  - Changes to system configuration (configuration files/registry ...), including modification of the filtering rules of a network filtering component
  - Execution of unknown or unauthorised programs
  - Attempts to circumvent auditing
  - Unplanned system restarts and changes to system time
  - Changes to system security policy
  - Changes to security domains (e.g. creating or breaking trust relationships)
  - Use of other users' credentials
  - Interactive logons with daemon/service account credentials
  - Misuse of privileges (processing data without authorisation)
  - Unauthorised use of console ports
  - Unauthorised changes to system configuration (hardware and software components/storage structure)
  - Unauthorised export of information to media/backup
  - Failed attempts to access information indicating a possible pattern of deliberate browsing
  - Attempts to use unauthorised accounts or rights
  - Attempts to access unauthorised resources (hosts, files, services)
* Account lockouts

In addition to the events reviewed previously, activity will be reviewed for the following:

- Unusual or unauthorised activity by system administrators
- All system and security administration actions, in particular:
  - Account management activities
  - System object access
  - Sensitive process start and stop

PARTICIPATE IN THE MANAGEMENT/ADMINISTRATION OF THE COMPONENTS UNDER THE RESPONSIBILITY OF THE DIGIT SECURITY OPERATIONS CENTRE

This includes (but is not limited to) the following components:

- VMware
- Windows servers
- Linux servers
- NetApp FAS storage (NAS)
- Oracle Database
- ArcSight SIEM components (Logger, log forwarders, SmartConnectors, ESM, DB, clients...)
- IDS/NBA
- Vulnerability scanning solutions
- Network/systems forensics solutions

The main activities will be to design, implement, operate, maintain and improve the SOC detection capabilities. This includes developing, configuring and defining configuration policies and signatures, applying them and analysing the outcome.

PARTICIPATING IN THE IMPROVEMENT OF THE DETECTION MEASURES

The security analyst level 2 is also in charge of:

- proposing and implementing improvements in the SIEM tool, such as the creation and use of Rules, Channels, Filters, Dashboards, etc.;
- proposing improvements to the measures implemented for detecting attacks.

PARTICIPATING IN THE EVALUATION OF SECURITY SOLUTIONS

Participate in evaluating security solutions during POCs by developing test environments, integrating solutions, running test scenarios and generating results reports.

5. EDUCATION, KNOWLEDGE, SKILLS AND EXPERIENCE

- Mastery of a recognised common body of knowledge in the field of IT security (holding a security certification such as CISSP), or becoming CISSP-certified within an 18-month period after the starting date (training should be followed within 6 months after the starting date)
- Experience in security monitoring and/or incident handling; SANS GCIH certification is a real advantage
- Security vendor or GIAC, GCIA, GCFW, GHTO, GSEC certification desirable
- University degree or equivalent experience in a relevant subject
- Very good command of English and French (written and spoken)
- Ability to participate in meetings, good communicator
- Strong teamwork abilities
- Experience working in a process-oriented workflow environment
- Ability to work well under pressure, meeting multiple deadlines
- Ability to work independently with minimum supervision
- Strong self-learning capabilities
- Potential to develop skills and learn new technologies
- Enthusiasm and motivation to work are mandatory skills
- Strong experience in network security (e.g. security aspects of TCP/IP, Cisco switches and routers, firewalls, VPN, network security scanning tools, IDS/IPS, Bluecoat proxies, reverse proxies, WAF, NetFlow, WiFi, VoIP, PKI, network incident troubleshooting and handling)
- Experience in:
  - Operating systems security (e.g. Windows family, UNIX/Linux)
  - Middleware and application security (e.g. database management servers like Oracle or SQL Server, web servers)
  - Scripting languages (Perl, Windows scripting ...)

6. WORK ENVIRONMENT/CONDITIONS

Most of the time: Normal working hours/Monday-Friday

Project details

  • Location: Luxembourg
  • Project start: asap
  • Project duration: 6 months
  • Contract type: Contract
  • Professional experience: Not specified
