In close collaboration, build, adjust and implement analytics and detection rules for SIEM, EDR and AV
Under guidance, participate in cybersecurity architecture review of new or existing technical solutions and provide recommendations for improvement
Contribute to the preparation of KPIs for cybersecurity operations capabilities
Monitor and investigate alerts leveraging Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
Monitor and triage AWS security events and detections
Monitor and investigate alerts leveraging EDR solutions
Work with alerts from the CSOC Analysts, to perform in depth analysis and triage of network security threat activity based on computer and media events, malicious code analysis, and protocol analysis
Review trouble tickets generated by CSOC Analyst(s)
Identify incident root cause and take proactive mitigation steps
Assist with incident response efforts
Work directly with cyber threat intelligence analysts to convert intelligence into useful detection rules
Collaborate with incident response team to rapidly build detection rules and signatures as needed, as well as maintaining and improving existing detection rules
Perform lessons learned activities
Leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
Review and collect asset data (configs, running processes, etc.) on these systems for further investigation.
Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose
Document actions in cases to effectively communicate information internally and to client
Determine and direct remediation and recovery efforts
Provide other ad hoc support as required
What we are looking for:
The resource MUST have the following skills and experience:
Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols
Deep knowledge of Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoints, Azure Security, Azure Sentinel and XDR)
Deep Knowledge of Cloud technologies (e.g. Azure, AWS and GCP)
Deep knowledge of SIEM tools like Splunk, QRadar, ArcSight, MS Sentinel, ELK Stack
Knowledge of at least one EDR solution (MS Defender for Endpoint, SentinelOne, CrowdStrike)
Knowledge of email security, network monitoring, and incident response
Knowledge of Linux/Mac/Windows
+5 years of relevant experience in information technology field, including triage of alerts and supporting security incident
Proven experience in reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
Proven experience on administering a SIEM platform, preferable either Splunk or Microsoft Sentinel SIEM
Expert knowledge of English
The resource SHOULD have the following skills and experience:
Proven knowledge of monitoring AWS environment (Iaas, Saas, Paas) Knowledge of at least one general-purpose or shell scripting language (e.g. Ruby, Bash, PowerShell, Python, etc.)
Required Soft Skills:
Excellent communication skills
Customer facing experience and oral communication skills
Ability to write documentation & reports
Creativity/ ability to find innovative solutions
Willingness to learn on the job
Conflict management & cooperation
Desirable certifications:
Technical certifications: MCSE, CCNA, Microsoft Azure (e.g., SC-200), GCIH, CEH, GCFA or any GIAC/similar certification
