
Security Operations Centre Analyst

Luxembourg, Europe

Description

The primary objective of this service is to act as the first line of response to the potential occurrence of a cyber attack or security incident. Supported by several automated tools such as intrusion detection systems, log correlation engines and a SIEM, a ticketing system, and alerts and warnings from internal and external sources, the service involves receiving, triaging and responding to alerts, requests and reports, analysing events and potential incidents, and providing primary support to incident responders. Triage involves assessing whether a security incident or the level of exposure of a vulnerability is a true or false positive, tagging the vulnerability or incident with an initial severity classification, and activating the corresponding incident response playbook entry. A further objective of this service is to follow pre-defined procedures to perform technical tasks related to identity and access management.

Tasks

  • Real-time monitoring of cyber defence and intrusion detection systems
  • Automated processing (centralisation, filtering and correlation) of security events
  • Human-based analysis of automatically correlated events
  • Processing of incoming warnings, alerts and reports
  • Triage based on verification, level of exposure and impact assessment
  • Categorise events, incidents and vulnerabilities based on relevance, exposure and impact
  • Open tickets and ensure case management
  • Activate the initial response plan based on standard playbook entries
  • Maintain the incident response address book
  • Provide support to incident responders
  • Advise affected users on the appropriate course of action
  • Monitor open tickets for incidents/vulnerabilities from start to resolution
  • Escalate unresolved problems to higher levels of support, including the incident response and vulnerability mitigation teams
  • Configure the SIEM components for optimal performance
  • Improve correlation rules to ensure that the monitoring policy allows efficient detection of potential incidents. For a new component to be monitored, this encompasses:
    o Analysing risks and security policy requirements
    o Translating them into technical events targeting the system components
    o Identifying the required logs/files/artefacts to collect from the monitored system and, if necessary, complementary devices to deploy
    o Elaborating the relevant detection and correlation rules
    o Implementing these rules in the SIEM infrastructure
    o Configuring and tuning cyber-defence solutions
    o Reviewing and improving the monitoring policy on a regular basis
  • Integrate cyber-defence solutions for efficient detection
  • Define dashboards and reports for reporting on KPIs
  • Produce qualified reports (including recommendations) or alerts to SOC customers and follow up on actions
  • Contribute to the design of the overall monitoring architecture, in close relationship with the customers/system owners on the one hand and the security operations engineering team on the other, by performing the following tasks:
    o Assessment of security event detection solutions and development of solutions
    o Integration of these solutions within the security monitoring scheme (log collection architecture, interoperability, formats, network aspects, …)
    o Deployment and validation of the solutions
    o Drafting documentation such as architecture design descriptions, assessment reports, configuration guides and security operating procedures
  • Produce and maintain accurate and up-to-date technical documentation, including processes and procedures (the so-called playbook), related to security incidents and preventive maintenance procedures
  • Management of identities and their related user accounts
  • Management of groups, roles and other means of authorisation
  • Solve incident, request and problem tickets from 1st Level Support or internal customers related to identity and access management
  • Maintain accurate documentation
  • During security incidents, implement detection means to monitor attacker activities in real time
  • Integrate IOCs in security solutions
  • Take an active part in developing and improving the maturity framework, and have it understood and implemented by the team, by:

    o Designing and drafting the SOC processes and procedures framework
    o Implementing SOC processes and procedures, deploying collaborative tools and dashboards
    o Coaching/training the team on the processes, procedures and tools
    o Regularly auditing and reporting on maturity to management
    o Reviewing and improving the framework

  • Provide activity reports to management to demonstrate service SLA and service quality
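The tasks above describe a loop that is easier to see in code than in a list: onboard a Windows host by elaborating a correlation rule over its logon events, run the rule, tag each hit with an initial severity, then triage it as a true or false positive before a ticket is opened. The following is an added example written for this page, not code from the posting or from CRI's SIEM; in a real deployment the rule would be expressed in the SIEM's own rule language (ArcSight, QRadar) and this Python only stands in for that logic. The event field names, the failure threshold and window, the threat-intel list and the allow-list of authorised scanners are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events in a normalised form. Field names are an assumption
# for this example, not a particular SIEM's schema. Windows Security log
# Event IDs: 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = [
    *[{"ts": f"2016-03-01T08:00:0{i}", "event_id": 4625, "user": "alice", "src_ip": "10.0.0.5"}
      for i in range(1, 7)],                                        # six failures in six seconds
    {"ts": "2016-03-01T08:00:10", "event_id": 4624, "user": "alice", "src_ip": "10.0.0.5"},  # then a success
    {"ts": "2016-03-01T08:01:00", "event_id": 4625, "user": "bob", "src_ip": "10.0.0.9"},
    {"ts": "2016-03-01T08:01:30", "event_id": 4625, "user": "bob", "src_ip": "10.0.0.9"},
    {"ts": "2016-03-01T08:02:00", "event_id": 4624, "user": "bob", "src_ip": "10.0.0.9"},    # two typos, then in
    *[{"ts": f"2016-03-01T08:05:{i:02d}", "event_id": 4625, "user": "scan", "src_ip": "10.0.0.20"}
      for i in range(7)],                                           # authorised scanner, never succeeds
    {"ts": "2016-03-01T08:09:00", "event_id": 4624, "user": "svc_backup", "src_ip": "203.0.113.7"},
]

# Constructed threat-intel feed (a TEST-NET-3 address) and constructed allow-list
# of authorised vulnerability scanners; both are assumptions for the example.
IOC_IPS = {"203.0.113.7"}
AUTHORISED_SCANNERS = {"10.0.0.20"}


@dataclass
class Alert:
    rule: str
    src_ip: str
    severity: str
    evidence: dict


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def correlate(events, failure_threshold=5, window=timedelta(minutes=10), ioc_ips=IOC_IPS):
    """Run two correlation rules over events grouped by source address.

    brute_force: >= failure_threshold failed logons from one source inside
                 `window`; severity "high" if a successful logon from the same
                 source follows within `window` of the last failure, else "medium".
    ioc_match:   any logon activity from an address on the IOC list -> "high".
    """
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src_ip"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        if src in ioc_ips:
            alerts.append(Alert("ioc_match", src, "high",
                                {"users": sorted({e["user"] for e in evs}), "events": len(evs)}))
        failures = [e for e in evs if e["event_id"] == 4625]
        successes = [e for e in evs if e["event_id"] == 4624]
        for i, first in enumerate(failures):
            burst = [f for f in failures[i:] if _ts(f) - _ts(first) <= window]
            if len(burst) < failure_threshold:
                continue
            last = _ts(burst[-1])
            followed = any(last <= _ts(s) <= last + window for s in successes)
            alerts.append(Alert("brute_force", src, "high" if followed else "medium",
                                {"failures": len(burst), "success_after": followed,
                                 "users": sorted({f["user"] for f in burst})}))
            break  # one alert per source per run: the case gets a single ticket
    return alerts


def triage(alert, authorised=AUTHORISED_SCANNERS):
    """Initial disposition and severity tag for an alert.

    Assumption for the example: an authorised scanner explains a burst of failed
    logons, but not a success after them, and never an IOC match.
    """
    if alert.rule == "brute_force" and alert.src_ip in authorised and not alert.evidence["success_after"]:
        return "false_positive", "info"
    return "true_positive", alert.severity


def run(events=SAMPLE_EVENTS):
    """Correlate, then triage: one (rule, src_ip, disposition, severity) row per alert."""
    return [(a.rule, a.src_ip, *triage(a)) for a in correlate(events)]


if __name__ == "__main__":
    for row in run():
        print(row)
```

Two points the list above does not make explicit show up when the rule runs: bob's two mistyped passwords never reach the threshold and produce nothing, which is what tuning the correlation rule is for; and the scanner's seven failures do fire the rule but are closed at triage as a false positive, so the allow-list belongs in the playbook entry rather than in the rule, where it would also hide a real attacker who spoofs or compromises the scanner and then succeeds.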

Key Requirements:

At least one certification among:
  • GPEN (GIAC Certified Penetration Tester)
  • GCED (GIAC Certified Enterprise Defender)
  • GPPA (GIAC Certified Perimeter Protection Analyst)
  • GCFE (GIAC Certified Forensic Examiner)
  • GCFA (GIAC Certified Forensic Analyst)
  • GNFA (GIAC Certified Network Forensic Analyst)
  • CFCE (IACIS Certified Forensic Computer Examiner)
  • CCFP (Certified Cyber Forensics Professional)
  • SCMO (SABSA Certified Security Operations & Service Management Specialist)
or an equivalent internationally recognised certification (subject to acceptance as a valid credential by the contracting EU-I)

  • Networking (TCP/IP, SNMP, DNS, syslog-ng, etc.)
  • Strong knowledge in the security analysis of firewall, proxy and IDS logs
  • Strong knowledge in the security analysis of application or middleware logs (Oracle, Apache, WebLogic)
  • SIEM (ArcSight ESM 6.x, QRadar or equivalent, subject to acceptance by the contracting EU-I)
  • Log management solution (ArcSight Loggers and/or QRadar and/or Splunk or equivalent, subject to acceptance by the contracting EU-I)

Desirable skills

  • STIX (Structured Threat Information Expression), with a particular focus on the following related standards:
    o CybOX (Cyber Observables)
    o CAPEC (Attack Patterns)
    o MAEC (Malware)
    o TAXII (Threat Information Exchange)
  • Experience in using, configuring and tuning a SIEM
  • Knowledge in network security solutions/technologies:
    o Firewalls
    o Network IDS and IPS
    o Switches and routers
    o APT detection solutions such as FireEye
    o DNS, DHCP, VPN, …
    o Network forensics (full packet capture)
    o Traffic baselining analysis
  • Knowledge in host-based security solutions:
    o HIPS
    o Malware endpoint protection
    o OS logs
  • Strong knowledge in Windows security events analysis
  • Writing and optimising IDS signatures (preferably Snort and/or Suricata)
  • Writing and optimising YARA rules
  • Snort or Sourcefire NGIPS, FireSIGHT
  • Suricata / Stamus Networks
  • ELK (Elasticsearch, Logstash & Kibana)
  • FireEye EX, NX, AX, FX, HX, IX
  • Check Point and Juniper firewalls
  • Blue Coat proxies

The following documents/procedures will be requested to successfully complete the hiring process:

  • A copy of your university degree(s)
  • A copy of your criminal record
  • Security Clearance Procedure

WHO WE ARE

CRI, part of the VASS Group, leads digital transformation and cyber security in the European Union.

CRI operates serving the European Union Institutions, telecom operators, financial institutions and governmental bodies through a comprehensive offering of services and technologies.

Please visit our website and let's get in touch: www.cri-group.eu
