Job Description
DESCRIPTION
We are pleased to announce the following vacancy for Analyst- Managed Security Operations Centre in the Managed Security Services Department within the EBU Division. In keeping with our current business needs, we are looking for a person who meets the criteria indicated below.
The Managed Security Operations Centre (MSOC) team is responsible for monitoring, assessing, and defending our MSOC clients Enterprise Information Systems. The team continuously develops and investigates correlated security event feeds, escalating any identified security incidents. They are the primary contact for any suspected security incidents, working together with the different customers remediation teams, resolving incidents, and foiling Cyber Security threats against our MSOC Customers Brand.
Reporting to the Senior Manager – Managed Security Services (MSS), the successful candidate will lend support in Cyber threat detection, working in 24/7 shifts, providing eyes-on-the-glass service, performing real-time monitoring and identification of security incidents. He/she will help identify suspicious activity, open incident investigation tickets and escalate any key concerns to the Level 2/3 for additional analysis & communication for the MSOC customers to action.
Key Responsibilities:
i. Work in 24*7 shifts performing real time monitoring of security alerts generated by various security tools deployed by Managed Security Operatins Centre.
ii. Proactively research and monitor security information to identify potential threats that may impact the organisation.
iii. Open and update incidents in SIEM case management tool to report the alarms triggered or threats detected. Analyst should properly include for each incident on SIEM case management all details related to the logs, alarms and other indicators identified in accordance with the intervention protocol of each client and the SLA.
iv. Develop and distribute information and alerts on required corrective actions to the respective clients.
v. Escalate validated and confirmed incidents to the client’s designated incident response team.
vi. Notify Client of incident and required mitigation works.
vii. Track and update incidents and requests based on client’s updates and analysis results.
viii. Fine-tune SIEM rules to reduce false positive and remove false negatives.
ix. Collect global threat intelligence and internal threats then inject actions based on analysis and recommendation.
x. Work closely with Vulnerability Management and client designated incident response team.
xi. Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc.
xii. Perform threat intel research.
xiii. Ability to run and understand Sandbox Static Analysis.
xiv. Ensures that every phase of a particular project proceeds as scheduled
xv. Presents new ideas to MSS executives in order to increase and enrich the MSS portfolio.
xvi. Support the commercial sales team in pitching the MSS solutions to the customer.
xvii. Provide support when required as the technical point of contact for existing product partners
xviii. Research market trends to find unmet needs
xix. Learn new attack patterns, actively participate in security forums.
QUALIFICATIONS
Technical Skill
i. Bachelor’s degree in Electrical Engineering/Computer Science/IT Security/Information Technology
ii. Knowledge of SIEM (Security Information and Event Management)
iii. Familiar with SQL, C, C++, C#, Java, or PHP programming languages
iv. TCP/IP, computer networking, routing, and switching
v. IDS/IPS, penetration and vulnerability testing
vi. Firewall and intrusion detection/prevention protocols
vii. Windows, UNIX, and Linux operating systems
viii. Network protocols and packet analysis tools
ix. Anti-virus, anti-malware and Shadow IT solutions
Non-technical Skill
i. Critical thinking and problem-solving abilities
ii. Capability to communicate and listen to needs from external and internal organizational stakeholders