Job Description

• Responsible for the tracking and assignment of tickets/events generated by Tier 1 Analyst(s). 
• Handle incident escalations as required from other analysts. Manage incident responses and coordinate remediation with clients.
• Create rules, filters, active channels, queries, trends and all other informational content based on use cases.
• Develop, implement, maintain and execute standard content development practices for SIEM Platform. 
• Leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. 
• Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation.
• Analyze threat and vulnerability alerts, determine current impacts, and coordinate remediation actions as necessary.
• Proactively research and monitor security-related information sources to aid in the identification of threats to networks, systems, and intellectual property.
• Collaborate with other teams to assess risk and develop improvement strategies for security posture.
• Responsible for creating filters, reports, dashboards, and alerts in support of Cyber Operations. 
• Tune correlation rules and event data quality to maximize SIEM system efficiency. 
• Provide support, recommendations and optimization for the SIEM platform. 
• Provide leadership and mentoring to other analysts, perform basic malware analysis and forensic analysis of network activity, disks, and memory.
• Develop and deliver internal and client-facing program reviews, status reports, performance reports and other communications.
• Lead technical meetings and workgroup sessions with relevant SMEs.

Job Requirements

1. Bachelor’s degree in Computer Science, Engineering, Business, or related field or equivalent work experience in SOC IDS/IPS Monitoring. 
2. Intermediate-level certification(s) in SANS – GCIH, Product Symantec/MacAfee, Comptia Security+, and ITIL Foundation. 
3. Typically 3+ years of relevant experience. 
4. Knowledgeable in SOC processes. 
5. Skilled in SIEM technology and tools (such as RSA, Arcsight, Splunk and QRadar), anti-Virus/Malware, anti-DDOS, WAF, FW Rules Management, forensic tools. 
6. Knowledge and experience in IT Security Technologies. 
7. Experience in Vulnerability Management, Security Incident Management, Forensic Analysis.  
8. Ability to translate security impact to the wider business. 
9. Willingness to work outside office hours as part of the CSIRT Team. 
10. Ability to work in an international context 
11. Excellent communication skills. 
12. Interpersonal skills with the ability to establish and working relationships in a project-based / client-serving model, and to work closely with people at different levels of an organization. 

Additional Info