Job Details
Job Description:
Required Qualifications:
Strong analytical and technical skills in computer network defense operations
Incident Handling (Detection, Analysis, Triage)
Hunting (anomalous pattern detection and content management).
Prior experience of investigating security events.
Should be able to distinguish incidents as opposed to non-incidents.
Working knowledge of operating systems network technologies (firewall, proxy, DNS, Netflow)
Active Directory
Network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS, etc.)
Common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
Desired Qualifications:
Relevant Certifications: CEH, CISSP, Security+, or related certification.
Bachelor's Degree in Information Technologies, Cyber Security, or a related field.
Experience with some/all: Cisco AMP, Sumo Logic, CounterTack, SIEM solutions, Kibana/Zeppelin, ThreatQ, FireEye Malware analysis, Snort, Suricata, SPLUNK Key Responsibilities:
Monitor for threats, analyze, and notify customer.
Working in a 24x7 Security Operation Center (SOC) environment.
Security Log analysis to detect attack origin, attack spread, attacker details, incident details.
Incident Response when analysis confirms actionable incident.
Analyze and respond to previously undisclosed software and hardware vulnerabilities.
Investigate, document, and report on incident.
Integrate and share information with other analysts and other teams.
Other tasks and responsibilities as assigned.
Interface with customers daily to consult with them on best security practices and help them mature their security posture.
The candidates should have:
Good verbal & written communication skills
Good understanding of networking concepts
Good understanding of Windows and Unix basics