Cyber Security Analyst - IDS System (6-8 yrs)
Renous Extenserve
posted 16hr ago
Flexible timing
Exp : 6-8 yrs
Role : Cyber Security Analyst
6 months contractual
Essential Functions :
- Provide timely detection and identification of possible attacks/intrusions and distinguish findings from benign activities.
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable prompt containment and remediation.
- Coordinate with the greater organization to resolve cyber incidents.
- Provide technical summaries of findings in accordance with established reporting procedures.
- Escalate and triage incidents that may cause an immediate impact to the organization.
- Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats.
- Perform event correlation to gain situational awareness and to determine the effectiveness of an observed attack.
- Assist in the development and implementation of security policies and procedures.
- Track and document cyber incidents from initial detection through final resolution.
- Assist in reducing risk by actively identifying areas of non-compliance and making recommendations for improvement.
- This role will work in the UK shift (12 noon to 9 pm) and/or the US shift (5:30 PM to 2:30 AM).
Additional Functions :
- Stay current with cybersecurity news and trends relevant to the business and industry.
- Participate in the information security on-call rotation, providing emergency support for security-related incidents.
- Provide input into the development of security policies and procedures.
- Interface with other business units such as Governance, Risk, and Compliance to communicate program status and overall security posture.
- Promote a positive security culture through knowledge sharing, influence, and conduct.
- Create and maintain role-specific documentation.
- Participate in the Change Advisory Board (CAB).
Knowledge, Skills, and Abilities :
- Knowledge of system administration concepts for operating systems such as Unix/Linux, IOS, Android, and Windows operating systems.
- Knowledge of cloud service models and cloud security best practices.
- Knowledge of procedures used for documenting and querying reported incidents, problems, and events.
- Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
- Knowledge of auditing and logging procedures (including server-based logging).
- Knowledge of common software applications and their associated vulnerabilities.
- Knowledge of host-based security products and how they reduce exploitation.
- Knowledge of approach, strategy, and structure of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis).
- Knowledge of MITRE ATT&CK and similar cybersecurity frameworks.
- Knowledge of what constitutes a "threat" to a network.
- Skill in identifying, capturing, containing, and reporting malware.
- Skill in using incident handling methodologies.
- Skill in using security event correlation tools.
- Skill in developing analytic approaches to problems and situations for which information is incomplete or where no precedent exists.
- Ability to identify unusual activity against a defined baseline.
Qualifications :
Education/Experience :
- Bachelor's in Computer Science, Information Systems, Cybersecurity, or Software Engineering.
- 6 to 8 years of relevant experience in cybersecurity or information technology.
- 3+ years of hands-on experience with an EDR/XDR solution, SEG, and SIEM.
- Experienced in a scripting language such as Python, PowerShell, or VBA.
Licenses and Certifications :
- One or more technical or cybersecurity certifications preferred (e.g., CISA, CCSP, CRISC, CEH, Security+, GSEC, SSCP).
Functional Areas: Software/Testing/Networking