Intas Pharmaceuticals
Proud winner of ABECA 2024 - AmbitionBox Employee Choice Awards
Cyber Security Analyst
posted 3d ago
Flexible timing
Key skills for the job
Cyber Security Analyst
1. Planning, implementing, managing, monitoring, and upgrading security measures for the protection of the organization's data, systems, and networks
2. Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls
3. Monitor and respond to common cyber threats such as 'phishing' emails, 'pharming' activity, malware and ransomware
4. Monitor identity and access management, including monitoring for abuse of permissions by authorised system users
5. Liaise with stakeholders in relation to cyber security issues and provide future recommendations
6. Record all findings, actions taken and lessons learned following an incident to strengthen future responses
7. Generate incident reports for both technical and non-technical staff and stakeholders
8. Identify potential weaknesses and implement measures, such as firewalls and encryption
9. Investigate security alerts and provide incident response using incident handling methodologies and best practices
10. Determines security violations and inefficiencies by conducting periodic audits.
11. Upgrades system by implementing and maintaining security controls.
12. Monitor for attacks, intrusions and unusual, unauthorised or illegal activity
13. Test and evaluate security products and check suppliers' certification, compliance and accreditation
14. Design new security systems or upgrade existing ones
15. Use advanced analytic tools to determine emerging threat patterns and vulnerabilities
16. Keep up to date with the latest security and technology developments
17. Research/evaluate emerging cyber security threats and vulnerabilities and ways to manage them
18. Plan for disaster recovery and create contingency plans in the event of any security breaches
19. Engage in 'ethical hacking', for example, simulating security breaches
20. Contributes to team effort by accomplishing related results as needed.
21. Troubleshooting security and network problems
22. Responding to all system and/or network security breaches
23. Participating in the change management process
24. Testing and identifying network and system vulnerabilities
25. Daily administrative tasks, reporting, and communication with the relevant departments in the organization.
Mandatory Technical Expertise:
1. Vulnerability management tools: Tenable / Nessus, WAS, Qualys, CrowdStrike, Burp Suite, Web Security Scanner
2. XDR platform: Trend Micro and MS Defender
3. Azure and Azure AD and security tools: Defender EDR, Defender for Office, Defender for Cloud/Server/DB
4. SIEM: Trend Micro or FortiGate or IBM QRadar, LogRhythm, MS Azure Sentinel (Azure Event Hub, Azure Log Analytics Workspace)
5. Experience with web filtering tools, specifically Fortinet, and NAC / Cisco ISE
(a) Implement new web filtering solution using Fortinet
(b) Test, verify and implement policies, create groups, grant access to groups
6. Experience with WAF: Imperva, FortiWeb, F5
7. Experience with DMARC RUA/RUF
8. Experience with firewalls and firewall rules, IP addressing, subnets, ports and VPN
(a) Configure and implement firewall rules
(b) Audit firewall rules and network segmentation
(c) Verify and submit firewall rule requests
(d) Working knowledge of OT firewalls
(e) Practical knowledge of Azure Firewall, VNET, NSG, VPC, CIPM configuration
9. Significant experience with SIEM to:
(a) Configure and implement rules, data sets, APIs, and third-party cloud API integration to facilitate ingestion of log sources like O365, Azure AD, AWS
(b) Integrate log data sets with SIEM
(c) Configure IOCs and alerts
(d) Conduct searches of raw logs; investigate alerts, assets, domains, users, IPs, files, Threat Intelligence and Threat Advisories (TI / TA)
(e) Configure and monitor events using rules and run rules against historical data
(f) Working experience with Python, Kali Linux, YARA-L language
10. Experience with AD, GPOs, security groups, Windows Servers, desktop OS.
11. Experience in the field of Information Systems Security required. Analyst must have working knowledge of relevant ISO 27001/FISMA/NIST information security regulations and guidelines.
12. Working knowledge of IT security best practices regarding networks and networking, including protocol analysis, anomaly detection, and troubleshooting
13. Experience reviewing logs, scripting tasks, or creating structured queries/regex searches
14. GxP, 21CFR and GMP process knowledge is a plus
15. Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
16. Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations
17. Experience with vulnerability scanning solutions
18. Proficiency with at least 4 or 5 of the following: Anti-Virus, XDR, SIEM, NIPS, HIPS, WAF, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, Encryption and RSA Security
19. In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Trend Micro, Microsoft Sentinel, ArcSight, QRadar, LogLogic, Splunk)
20. Experience developing and deploying signatures (e.g. YARA, Snort, Suricata, HIPS)
21. Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands
Education, Experience, and Licensing Requirements:
Employment Type: Full Time, Permanent