Intas Pharmaceuticals
Proud winner of ABECA 2024 - AmbitionBox Employee Choice Awards
Senior Cyber Security Analyst
posted 1hr ago
Flexible timing
Key skills for the job
Senior Cyber Security Analyst
1. Working knowledge of Windows and Linux operating systems and security
2. Designing, implementing, maintaining, overseeing, and upgrading all security measures needed to protect the organization's data, systems, and networks
3. Responding to all security breaches to the network and associated systems
4. Troubleshooting all network and security issues and incidents
5. Routinely conducting penetration testing
6. Taking appropriate security measures to ensure that the organization's infrastructure and existing data are kept safe
7. Conducting testing and scans to identify any vulnerabilities in the network and system
8. Protecting the systems and networks of an organization against potential threats from cyberspace adversaries.
9. Performing assessments and conducting regular penetration testing.
10. Architecting and engineering trustworthy, reliable, and secure systems.
11. Managing audits, intrusion, and security technology systems.
12. Identifying unauthorized access and offering corrective solutions.
13. Familiarity with Cisco and Fortinet security products and operational practices
14. Ability to parse logs, create queries, and perform root cause analysis of events
15. Understanding of logical security, user access and identity management
16. Detail oriented and process focused with a strong appreciation of completeness and accuracy
17. Ability to independently prioritize work and complete assignments with minimal oversight
18. Team player who is energized by problem solving and finding solutions together to deliver maximum benefit.
19. Ability to adjust communication style/content to interact with IT and business professionals.
20. Work closely with the Cyber Security Architect and network security team to implement and maintain secure network design
21. Provide information security expertise to system development teams
22. Works with network monitoring and management applications and creates highly reproducible configuration scripts and templates
23. Self-motivated, able to self-manage work and tasks against SLAs and objectives
24. Configure custom IT security policies, manage and maintain operational availability of networked devices by using a variety of security applications and systems in cloud or on-prem network environments.
25. Review and improve security processes
26. Maintain an information security risk register and assist with internal and external audits relating to information security
27. Promote a culture of security amongst colleagues and other stakeholders and support wider security initiatives
28. Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
29. Give advice and guidance to staff on issues such as spam and unwanted or malicious emails.
30. Safeguards information system assets by identifying and solving potential and actual security problems.
31. Protects system by defining access privileges, control structures, and resources.
32. Recognizes problems by identifying abnormalities, reporting violations.
33. Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
34. Evaluating the organization's security needs and establishing best practices and standards accordingly
35. Collaborating and coordinating with other teams to establish security protocols across the organization.
Mandatory Technical Expertise:
1. Vulnerability Management tool Tenable / Nessus, WAS, Qualys, CrowdStrike, Burp Suite, Web Security Scanner
2. XDR Platform Trend Micro and MS Defender
3. Azure and Azure AD and Security tools, Defender EDR, Defender for Office, Defender for Cloud/Server/DB
4. SIEM Trend Micro or FortiGate or IBM QRadar, LogRhythm, MS Azure Sentinel (Azure Event Hub, Azure Log Analytics Workspace)
5. Experience with Web filtering tool specifically with Fortinet, and NAC / Cisco ISE
(a). Implement new web filtering solution using Fortinet
(b). Test, verify and implement policies, create groups, grant access to groups.
6. Experience with WAF Imperva, FortiWeb, F5
7. Experience with DMARC RUA/RUF
6. Experience with Firewall and Firewall rules, IP addressing, subnets, ports and VPN.
(a). Configure and implement firewall rules
(b). Audit firewall rules and network segmentation.
(c). Verify and Submit firewall rule requests
(d). Working Knowledge on OT firewall
(f). Practical knowledge on Azure Firewall, VNET, NSG, VPC, CIPM configuration
7. Significant Experience with SIEM to
(a) Configure and implement rules, data sets, APIs, third party cloud API integration to facilitate ingestion of log sources like o365, Azure AD, AWS
(b) Integrate log data sets with SIEM
(c) Configure IOC, and alerts
(d) Conduct searches of raw logs, Investigate alerts, assets, domains, users, IPs, files, Threat Intelligence and Threat Advisories (TI / TA)
(e) Configure and monitor events using rules and run rules against historical data
(f) Working experience with Python, Kali-Linux, YARA-L language
8. Experience with AD, GPOs, Security groups, Windows Servers, Desktop OS.
9. Experience in the field of Information Systems Security required. Analyst must have working knowledge of relevant ISO 27001/FISMA/NIST information security regulations and guidelines.
10. Working knowledge of IT Security Best Practices regarding networks and networking including protocol analysis, anomaly detection, and troubleshooting
11. Experience reviewing logs, scripting tasks, or creating structured queries/regex searches
12. GxP, 21CFR and GMP Process knowledge is a plus
13. Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
14. Hands-on experience analyzing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations
15. Experience with vulnerability scanning solutions
16. Proficiency with at least 4 or 5 of the following: Anti-Virus, XDR, SIEM, NIPS, HIPS, WAF, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, Encryption and RSA Security
17. In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Trend Micro, Microsoft Sentinel, ArcSight, QRadar, LogLogic, Splunk)
18. Experience developing and deploying signatures (e.g. YARA, Snort, Suricata, HIPS)
19. Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands.
Education, Experience, and Licensing Requirements:
Employment Type: Full Time, Permanent