Vulnerability Analyst
NeksJob Philippines
Baguio City, Cordillera Admin. Region (PH), PH
5d ago

The focus of the CSIRT Threat Analyst I is to proactively investigate security events in an effort to identify artifacts of a cyber-attack.

    They will also be expected to participate in several different areas within the Security Operations and Incident Response process; these activities can include digital forensics, use case development, security control testing, and hunt plan development.

    The CSIRT Threat Analyst I will use data analysis, threat intelligence, and cutting-edge security technologies. Working within the Security Operations team, the CSIRT Threat Analyst I is responsible for reviewing system log events and data packets to proactively detect advanced threats that evade traditional security solutions.

    The purpose of the Cybersecurity Analyst III position is to support the Incident Response and Threat Intelligence group program for the company.

    The candidate must have a curious investigative mind, an interest in information security, and the ability to communicate complex ideas to varied audiences.

    Responsibilities:

  • Participate in the Cyber Security Incident Response Team (CSIRT). Help CSIRT to employ strategy, standards, processes and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or reoccurrence by using risk-based triage.
  • Track threat actors, their tactics, techniques, and procedures (TTPs), and their associated Indicators of Compromise (IOCs)
  • Capture intelligence on threat actor TTPs / IOCs and coordinate with SecOps pods to develop countermeasures
  • Work with various internal teams to identify gaps in and expand coverage of endpoint, logging and network tooling to improve monitoring and response capabilities.
  • Ability to analyze data and communicate malicious behavior discoveries to non-technical consumers.
  • Investigate, triage, contain, and mitigate cybersecurity alerts and incidents using various cyber security tools such as EDR, SIEM and CASB.
  • Determine nature and scale of threats and provide recommended containment actions
  • Create and tune data models and / or SIEM alerts for automated response orchestration and systemic improvement
  • Assist in Use Case Roadmap development and Use Case validation
  • Review threat intelligence reports and feeds, and make recommendations for profile or toolset changes based on those reviews.
  • Perform threat hunting exercises by developing detection rules and analyzing cybersecurity data to discover activity not seen within the environment
  • Collaborate with internal stakeholders on addressing systemic security issues
  • Experience with one or more scripting languages (PowerShell, Python, Bash, etc.)
  • Conduct trending and correlation of various cyber intelligence sources for the purposes of indicator collection, shifts in TTPs, attribution and establishing countermeasures to increase cyber resilience.
  • A Bachelor's degree in computer science, engineering or a related discipline, or the equivalent combination of education, technical training or work / military experience.
  • 5+ years of Information Security / Risk Management experience
  • Intermediate understanding of the OSI model
  • Application, System and Network security best practice knowledge
  • Advanced knowledge and work experience in Security Operations or related fields such as Audit, IT Security, or Business Continuity; other IT disciplines are also eligible
  • Technical knowledge to understand detailed issues around business continuity, security, and overall risk in IT, with enough expertise to drive a solution and solve issues while addressing risk.
  • Experience managing a team in a high paced environment
  • One or more of the following certifications, or the ability to obtain one in the near future: CEH, CISSP, CRISC, CISA, ECSA, CHFI, CFE, MCSE, CCNA, CCNP

    Preferred Skills:

  • Experience in a regulated (financial, pharmaceutical, health care, etc.) industry is highly desired.
  • Experience with regulatory requirements including but not limited to PCI-DSS, ISO2700, HIPAA, etc.
  • WAHA / Shifting Schedule

    40,000 (Open for Negotiation)

    Site: Alphaland
