Security Operations Analyst
31.01.2021 | Valencia (Spain) | Fulltime
If you fit this offer, please send your resume to: email@example.com
Resumes that are not in English will not be considered
ICC is committed to achieving diversity and inclusion within its workforce, providing an environment that reflects the values enshrined in the Charter of the United Nations, and encourages all qualified applicants to apply, irrespective of gender, nationality, disability, sexual orientation, culture, or religious and ethnic background. ICC is dedicated to the SDGs, making SDG-5 (Gender Equality) and SDG-10 (Reduced Inequalities) organizational goals.
Location: Valencia (Spain)
Security Operations Analyst (Tier 1)
Under the direct supervision of the Lead, Cyber Security Operations, and in close collaboration with the Information Security Services team members in Clients and Projects, the incumbent performs the following duties:
Main duties and responsibilities
- Participate in a team of security operations engineers investigating alerts, anomalies, errors, intrusions, malware, etc. to identify the responsible party, determine remediation, and recommend security improvements
- Monitor and investigate alerts using Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
- Monitor and triage AWS security events and detections
- Monitor and investigate alerts leveraging EDR solutions
- Review security events that are populated in a Security Information and Event Management (SIEM) system
- Analyse a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident
- Follow precise analytical paths to determine the nature and extent of problems reported by tools, e-mails, alerts, etc.
- Run vulnerability scans and review vulnerability assessment reports
- Manage and configure security monitoring tools
- Open tickets and assign them to Tier II or other Security Operations teams after eliminating false positives
- Work in a 24×7 Security Operations Centre (SOC) environment
- Integrate and share information with other analysts and other teams
- Determine remediation and recovery efforts
- Other duties as assigned
Knowledge and Skills
- Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols
- Deep knowledge of Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
- Deep knowledge of cloud technologies (e.g. Azure, AWS and GCP)
- Proven knowledge of monitoring AWS environments (IaaS, SaaS, PaaS)
- Deep knowledge of SIEM tools such as Splunk, QRadar, ArcSight, Azure Sentinel and the ELK Stack
- Knowledge of at least one EDR solution (Red Cloak, ATP, SentinelOne, CrowdStrike)
- Knowledge of email security, network monitoring, and incident response
- Programming skills (Python, Ruby, PHP, C, C#, Java, Perl, or similar)
Any one of the following certifications:
- MCSE, CCNA, GCIH, CEH, GCFA or any SANS certification
Experience
- Proven experience with Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
- Proven experience in monitoring AWS environments (IaaS, SaaS, PaaS)
- Proven experience supporting and monitoring endpoints with one of the following EDR solutions (ATP, CrowdStrike, Red Cloak, SentinelOne)
- Six years of relevant experience in administration / support of one of the following services or technologies:
▪Active Directory Services
▪Perimeter network infrastructure (IPS/IDS/Firewalls)
▪ Operating systems (Windows Server 2008, Windows Server 2012, Windows 10, Linux, Apple iOS)
▪ Exchange / Domino / email services
▪Active Directory Federation Services
▪Endpoint protection tools
▪SIEM/log management solutions
- Two years’ experience providing analysis and trending of security log data from a large number of heterogeneous security devices
- Extensive log analysis experience across Windows, Linux, databases, applications, web servers, etc.
- Experience in vulnerability management and security incident response activities.
- Experience on an Incident Response team performing Tier I/II initial incident triage.