Security Operations Analyst

Full time | Remote (Offshore)

If you like this offer, please send your CV mentioning the job title to: recruitment@united-its.com

Location:  Remote (Offshore)

Teleworking option: Yes

On-call requirements: (to be determined)


Main Duties and Responsibilities

Under the direct supervision of the Lead, Cyber Security Operations, and in close collaboration with the Information Security Services team members on client engagements and projects, the analyst performs the following duties:

•Participate in a team of security operations engineers investigating alerts, anomalies, errors, intrusions, malware, etc. to identify the responsible party, determine remediation, and recommend security improvements

•Monitor and investigate alerts using Microsoft security tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)

•Monitor and triage AWS security events and detections

•Monitor and investigate alerts leveraging EDR solutions

•Review security events that are populated in a Security Information and Event Management (SIEM) system

•Analyse a variety of network- and host-based security appliance logs (firewalls, NIDS, HIDS, syslog, etc.) to determine the correct remediation actions and escalation paths for each incident

•Follow precise analytical paths to determine the nature and extent of problems reported by tools, e-mails, alerts, etc.

•Run vulnerability scans and review vulnerability assessment reports

•Manage and configure security monitoring tools

•Open tickets and assign them to Tier II or other Security Operations teams after eliminating false positives

•Work in a 24×7 Security Operations Centre (SOC) environment

•Integrate and share information with other analysts and other teams

•Determine remediation and recovery efforts

•Other duties as assigned

Knowledge and Skills:

Essential:
•Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols
•Deep knowledge of Microsoft security tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
•Deep Knowledge of Cloud technologies (e.g. Azure, AWS and GCP)
•Proven knowledge of monitoring AWS environments (IaaS, SaaS, PaaS)
•Deep knowledge of SIEM tools like Splunk, QRadar, ArcSight, Azure Sentinel, ELK Stack
•Knowledge of at least one EDR solution (RedCloak, Defender ATP, SentinelOne, CrowdStrike)
•Knowledge of email security, network monitoring, and incident response
•Excellent communication skills
•Knowledge of Linux/Mac/Windows
•Programming skills (Python, Ruby, PHP, C, C#, Java, Perl, and more)
Desirable:
Any one of the following certifications
•MCSE, CCNA, GCIH, CEH, GCFA or any SANS certification

Experience:

Essential:

•Proven experience with Microsoft security tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)

•Proven experience in monitoring AWS environments (IaaS, SaaS, PaaS)

•Proven experience supporting and monitoring endpoints with one of the following EDR solutions (Defender ATP, CrowdStrike, RedCloak, SentinelOne)

•6 years of relevant experience in administration/support of one of the following services or technologies:

▪Active Directory Services

▪Perimeter network infrastructure (IPS/IDS/Firewalls)

▪Operating systems (Windows 2008, Windows 2012, Windows 10, Linux, Apple iOS)

▪Exchange/Domino/email services

▪Active Directory Federation Services

▪Endpoint protection tools

▪SIEM/log management solutions

•Two years’ experience providing analysis and trending of security log data from a large number of heterogeneous security devices

•Extensive Windows, Linux, Database, Application, Web server, etc. log analysis

•Experience in vulnerability management and security incident response activities

•Experience on an incident response team performing Tier I/II initial incident triage

Languages:

•Expert knowledge of English is required.

•Knowledge of another UN language is desirable.