Required Qualifications:
• Strong analytical and technical skills in computer network defense operations
• Incident handling (detection, analysis, triage)
• Hunting (anomalous pattern detection and content management)
• Prior experience investigating security events
• Ability to distinguish incidents from non-incidents
• Working knowledge of operating systems
• Network technologies (firewall, proxy, DNS, NetFlow)
• Active Directory
• Network communications and routing protocols (e.g., TCP, UDP, ICMP, BGP, MPLS)
• Common internet applications and standards (e.g., SMTP, DNS, DHCP, SQL, HTTP, HTTPS)

Desired Qualifications:
• Relevant certifications: CEH, CISSP, Security+, or a related certification
• Bachelor's degree in Information Technology, Cyber Security, or a related field
• Experience with some or all of: Cisco AMP, Sumo Logic, CounterTack, SIEM solutions, Kibana/Zeppelin, ThreatQ, FireEye malware analysis, Snort, Suricata, Splunk

Key Responsibilities:
• Monitor for threats, analyze them, and notify the customer
• Work in a 24x7 Security Operations Center (SOC) environment
• Analyze security logs to determine attack origin, attack spread, attacker details, and incident details
• Perform incident response when analysis confirms an actionable incident
• Analyze and respond to previously undisclosed software and hardware vulnerabilities
• Investigate, document, and report on incidents
• Integrate and share information with other analysts and other teams
• Other tasks and responsibilities as assigned
• Interface with customers daily to consult with them on security best practices and help them mature their security posture

The candidates should have:
• Good verbal and written communication skills
• Good understanding of networking concepts
• Good understanding of Windows and Unix basics