Security Analyst / Engineer

Position Security Analyst / Engineer

Work location India (Offshore) and Kuwait (Onsite)

Mandatory skills set Sentinel / IBM Qradar

Experience: 3+ years

• Certified experience in Enterprise Managed Security Services
• Experience with SIEM solution including log management configuration, log correlation, log analysis and log archival processes.
• Experience in monitoring and analyzing data feeds of events and logs from firewalls, routers, and other network devices or hosts for security violations.
• Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
• Research and document threats and their behavior.
• Knowledge in all aspects of cyber threat management including cyber forensics, incident response, antivirus & patch management.
• Strong understanding of ICS Security technologies including data diodes, and ICS protocols such as ICCP, MODBUS, OPC, etc.
• Knowledge with automated scanners tool (e.g. Nessus)
• Knowledge with Exploitation Tools (e.g. Metasploit, Karmetasploit)
• Knowledge with Network Tools (e.g. Nessus, WireShark)
• Knowledge of security frameworks, standards and leading practices including but not limited to ISO 27001, OWASP, NIST Cybersecurity Framework.
• Experience in the following security/Network solutions is added value:
• Endpoint
• Antispam
• Firewall
• IPS
• WAF
• Proxy, etc.

Mandatory - Experience in Information Security & SOC operations

Activities

• Perform active real-time security monitoring
• Security event detection, triage and threat analysis for complex and/or escalated security events
• Provide log/network/malware/device analysis and making recommendations for remediation of security vulnerability conditions
• Ensure threat intelligence feeds are appropriately utilized by security devices within Customers infrastructure
• Develop SIEM use cases based on Company's IT & OT infrastructure assets
• Manage SIEM administration & fine tuning/ optimization related activities
• Provide on-job training to Information Security resources
• Provide analysis and trending of security log data from many heterogeneous IT security devices
• Provide threat and vulnerability analysis as well as security advisory services
• Analyze and respond to previously undisclosed software and hardware vulnerabilities
• Investigate, document, and report on information security issues and emerging trends
• Integrate and share information with other analysts and other teams
• Other tasks and responsibilities as assigned by Information security team
• Assist Entry-Level SOC analysts to help them build stronger skills
• Provide coverage to perform various work schedules and perform monitoring
• duties during resource shortage
• Assist assigned supervisors from reporting, projects, administrative work as needed
• Review SOC Analyst ticket queue, review tickets, closure or reassignment as needed
• Create/review/modify documentation as needed, to include any process or procedure and thus ensure its up to date and standard
• Update the whiteboard or any relevant POC information
• Assume maintenance and responsibility of the SOC mailbox example (but not limited to): Ensure entry of outage tickets, ensure there are no emails to triage or vulnerability managers to call back on, etc.
• Timely updates/closures of Change management calendar
• Develop Monthly/Weekly SOC Reports
• Respond to SOC incoming phone calls and triaging phone calls that are not related to monitoring
• Create daily Shift Handoff notes and summary and send to all shifts
• Perform SOC White Board daily/weekly updates
• Perform other duties as assigned by Team Leads and/or Operations Manager
• Investigate all security incidents and perform proper investigation and report it according to the escalation procedure and follow up till incident closure.
• Handle all threat intel notifications received regardless of the source
• Handle all brand monitoring notifications received regardless of the source
• Respond to health tickets of security solutions and notify corresponding teams and follow up till closure.
• Apply necessary use cases on the SIEM solution to have better detection.
• Create and monitor use cases on the security solutions available such as the SIEM/NDR/EDR
• Participate on all POCs provided by Information Security Team
• Additional responsibilities as directed by the Contract Superintendent related the Services under this Contract.

Optional Certification

• GCIA
• CISSP
• GCIH
• GCFE or GNFA or GCFA