Deadline: 29/2/2024
Job Description:
Main Responsibilities and Duties:
- Management of 3rd Party Physical and Logical Access connected Systems and providing appropriate response to them, including but not limited to:
- Intrusion Detection & Prevention Systems (ID&PS).
- Anti-Virus / Endpoint Security Solution.
- Hosted Email Security / Office Scan.
- Data Leakage / Loss Prevention System.
- Security Incident & Event Management System (SIEM).
- File Integrity Monitoring System (FIM).
- Privileged Access Management System (PAM).
- Vulnerability Scanners.
- Single Point of Contact (SPOC) for Cyber Security & Incident Response Process.
- Single Point of Contact (SPOC) for Security Operations Center (SOC) Team.
- Monitoring the company's security infrastructure, identifying and reporting real-time attacks and vulnerabilities on the network to the Information Security Department.
- Identification of incidents and subsequent analysis and investigation to determine their severity and the response required.
- Ensure that incidents are correctly reported and documented in accordance with Switch Cyber Security & Incident Response policy and procedures.
- Be prepared to provide a Technical Escalation Point during security incidents, establishing the extent of an attack and the business impacts for the concerned members of the CIRT Team and the Information Security Department.
- Maintain a keen understanding of evolving threats and vulnerabilities to ensure the security of the organization’s network.
- As required, update Protective Monitoring/SOC documentation, processes and procedures, and ensure their accuracy.
- Execute analysis of email-based threats to include understanding of email communications, platforms, headers, transactions, and identification of malicious tactics, techniques, and procedures.
- Utilize and adhere to defined workflow and processes driving the Threat Monitoring and escalation/handoff actions.
- Analyze potential cyber threats from a variety of intakes taking appropriate response actions to include threat containment and/or escalation.
- Process tactical mitigations based on results of analysis and determination of threat validity.
- Follow escalation and handoff procedures to concerned CIRT team members and leadership based on defined threat and priority determination.
- Utilize a variety of security tools and technologies to analyze potential threats to determine impact, scope, and recovery.
- Leverage network security tools and capabilities to support Cyber Threat Monitoring activities.
- Document results of cyber threat analysis effectively and prepare comprehensive handoff and/or escalation for Incident Response Reports.
- Stay up-to-date and evaluate security trends, evolving threats, risks and vulnerabilities and apply tools to evaluate and mitigate risk.
- Respond to and support activity during incident response, including malware outbreaks, zero-day vulnerabilities and other major security events.
- Occasional need to work varied shifts, including weekends and holidays in support of incidents or other events.
- Identify and create incident tickets and validate remediation with the CIRT Team / End Users to track resolution in the Ticketing System.
- Perform review and validation of daily compliance reports to track business-as-usual and out-of-policy activities.
Technical Requirements:
- Knowledge of Firewalls and ID/PS.
- Vulnerabilities assessment and Patch management.
- SIEM/FIM, log management, audit trails.
- Knowledge of Incident Response and Computer Forensics.
- Two or more years' industry experience with security products.
- Effective learning skills, works well in a team environment, strong problem-solving skills.
Education:
- College degree, preferably in Computer Science, or equivalent is required.
- Will consider related field (or equivalent) experience.
Personal Competencies:
- Good verbal/written communication.
- Excellent interpersonal skills.
- Works well under pressure.
- Responsible attitude.
- Positive team player.
- Able to take initiative.
- Good time management.
- Attention to detail, methodical.
- Customer service orientation.
- Professional approach and conduct.
- Eager to learn.
Required Certifications:
- Any of the below certifications is a plus:
- CTIA (Certified Threat Intelligence Analyst).
- ECIH (EC Council Certified Incident Handler).
- CSA (Certified SOC Analyst).
- CHFI (Computer Hacking Forensic Investigator).
- CEH (Certified Ethical Hacker).