Cybersecurity Operation Analyst
Job Category: R&D: Software - IS - IT & Cybersecurity
Job Title: Cybersecurity Operation Analyst
The Cybersecurity operation analyst is responsible for the prevention of Cybersecurity incidents by real-time monitoring, detection, and analysis of potential intrusions. This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events. The position operates and tunes security supporting tools, provides requirements for new security tools and creates use cases for monitoring. The candidate must have a strong infrastructure, system and network administration background. Managing and maintaining servers (Windows/Linux) and network security devices will be one of the key responsibilities of this role.
Manage and maintain the CSOC infrastructure and ensure the functionality, security and availability of all the systems.
Subject matter expert on various SIEM technologies (Splunk, Qradar, LogRhythm).
Proficient knowledge in interpreting and constructing queries.
Adapt and make use of a security use-case management framework to continually improve and tune SIEM use cases, and assist in maintaining the SIEM use case library.
Experience in building workflows and playbooks on a Security Orchestration Automation and Response (SOAR) platform.
Can interpret and modify scripts and configurations.
Carry out analysis to determine the root cause of events.
Ingest, analyze and contextualize data and turn it into intelligence for threat assessment and risk management.
Perform protocol analysis for the detection and investigation of command and control traffic.
Document incidents from initial detection through final resolution.
Provide advice on configuration of network security devices for service and security enhancement.
Perform threat hunting activities, looking for anomalies.
Carry out first responder actions, triaging and containing breaches.
Support other CSOC operation analysts with Cybersecurity investigations. Provide guidance on incident resolution and containment techniques.
Contribute to the creation, update and distribution of incident response best practices, including response capabilities and recommendations to senior leadership when dealing with incidents that impact multiple platforms or methodologies.
Adhere to and ensure alignment with ITIL practices regarding incident, problem and change management.
Communicate effectively (team spirit) with customers, colleagues, and management.
Maintain an understanding of current and emerging threats and vulnerabilities and security technology developments.
SIEM: Splunk, Qradar
5-8 years in IT and Cybersecurity
Must have experience in SOC/NOC environment.
Knowledge of a myriad of operating systems, from the latest to legacy Windows, UNIX and embedded SCADA platforms.
Strong understanding of security incident management, malware management and vulnerability management processes.
Understanding of network environments including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.
Understanding of the current and future threats across the cyber landscape.
Self-starter who works independently and adjusts to changing priorities; critical and strategic thinker, negotiator and consensus builder.
Excellent at creating reports, presentations, architecture and workflow diagrams, and documentation.
Proficient with Microsoft Office products (Word, Excel, PowerPoint, Visio, MS Project).
Must have superb analytical skills and detail-oriented analysis.
Proficient with Cybersecurity tools and technology, with an outside-the-box mindset.
Proficient in designing, implementing and maintaining SIEM platforms, log management systems, and correlation engines.
Proficient in diverse system infrastructure (Windows, *nix).
Proficient with Apache, Kafka, Storm, Ansible, and ELK.
Knowledge of common programming languages (Python, PowerShell, etc.).
Proficient in vulnerability scans, penetration testing, incident management, and management of SIEM, Firewall, WAF, IDS/IPS, Data Loss Prevention (DLP), and threat intelligence platforms.
Security monitoring experience with one or more SIEM technologies (IBM QRadar, LogRhythm, Splunk) and intrusion detection and prevention technologies.
Network domain: extensive knowledge of firewalls, switches, VLAN, VPN, HAProxy.
System domain: extensive knowledge of Windows, Linux, LDAP, DNS, SMTP, NTP, AV/EDR.
Database domain: working knowledge of relational databases (MySQL, Oracle, MongoDB), Big Data (ElasticSearch).
Software domain: extensive knowledge of Ansible, Kibana, Kafka, Storm, Punchlet, Java, Apache, Nagios.
Minimum Degree Required: Bachelor's Degree