Notify Client of incident and required mitigation works.
Develop and distribute information and alerts on required corrective actions to the organisation.
Collect global threat intelligence and internal threat information, then initiate actions based on analysis and recommendations.
Proactively research and monitor security information to identify potential threats that may impact the organisation.
Escalate validated and confirmed incidents to designated incident response team or client’s SPOC.
Learn new attack patterns and actively participate in security forums.
Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc.
Perform threat intel research.
Ability to run and understand Sandbox Static Analysis.
Open and update incidents in the ITSM platform to report the alarms triggered or threats detected. For each incident, the analyst should include on the ITSM all details related to the logs, alarms and other indicators identified, in accordance with each client's intervention protocol and SLA.
Track and update incidents and requests based on client’s updates and analysis results.
Knowledge of different security solutions like IDS/IPS, Firewall, VPN, and other security products.
Experience with Security Information and Event Management (SIEM) tools.
Should have expertise in TCP/IP network traffic and event log analysis.
Knowledge and hands-on experience with LogRhythm, QRadar, ArcSight, McAfee ePO, NetIQ Sentinel or any other SIEM tool.
Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
Knowledge of performing Vulnerability Assessment and Penetration Testing would be an additional advantage.
Additional Desired Skills
Strong verbal and written English communication.
Strong interpersonal and presentation skills.
Ability to work with minimal levels of supervision.
Willingness to work in a job that involves 24/7 operations.