This position is responsible for working in the SGS Security Operation Center (SOC) environment and investigating security alerts. Provides analysis and trending of security log data from a large number of heterogeneous security devices on the SGS network. Provides Incident Response (IR) support when analysis confirms an actionable incident. Additional activities include vulnerability assessments / pentests, SDE review, IAM and participation in POCs.
- Responsible for working in a 24x7 Security Operation Center (SOC) environment in shifts.
- Monitor, investigate and respond to security alerts from SIEM / log management and various security controls / tools such as Firewall, secure email gateway, endpoint security, WAF, IDS/ IPS and DLP, etc.
- Provide Incident Response (IR) support when analysis confirms an actionable incident and build rules, dashboards and reports in SIEM.
- Process and manage requests for various security services, for example, responding to security inquiries from affiliates/ stakeholders, reviewing malicious or blocked attachments or websites, reviewing firewall change requests, performing vulnerability scans, etc.
- Support technical security assessments, self-phishing and cyber security awareness activities.
- Provide threat and vulnerability analysis services, for example, analyze and respond to unknown or previously undisclosed software and hardware vulnerabilities.
- Ensure that service operations best practices are being observed and applied.
- Support the development of SOC processes, documentation, metrics, and reporting.
- Develop and suggest new Operating Procedures or changes to existing ones as needed.
- Report to IT Management and stakeholders any major incident that could significantly impact the business.
- Bachelor's degree in Computer Science, Computer Engineering, IT Security or a related field; alternatively equivalent demonstrated knowledge.
- Highly technical, with at least 5 years of relevant experience in IT Security / IT Operations and at least 3 years' experience as a Security Analyst with global companies.
- Professional certifications such as ITIL, CompTIA Security+, CompTIA CySA+ and EC-Council Certified Ethical Hacker (CEH) are a plus.
- Experience with SIEM / SOAR platforms, firewalls and intrusion detection / prevention systems and security operations.
- Experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, secure email gateway logs or intrusion prevention logs.
- Experience with packet analysis (Wireshark) and malware analysis preferred.
- Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
- Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of network protocols (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]) and name and directory services (e.g., Domain Name System [DNS]).
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Open System Interconnection model [OSI]).
- Knowledge of common network tools (e.g., ping, traceroute, nslookup).
- Knowledge of cyber defense policies, procedures, and regulations
- Knowledge of the common attack vectors on the network layer.
- Knowledge of host/network access controls (e.g., access control lists).
- Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
- Attention to detail and strong communicator.