Managed Services – Information Security Analyst(L2)
- 2 Numbers
- Cyber Security Operations Manager
- Managing multiple shifts of Security Operations Centre Managers performing security event monitoring and incident identification for 24×7 Security Operations Centre
- Provide tactical and strategic direction for the Security Operations Centre staff, program development & maturity roadmap
- To validate the Incidents reported by SOC operators.
- To escalate timely when the SLA for alerting is not met.
- To identify the incidents if there are any missed by SOC operators
- To interact with external parties to resolve the queries relating to the raised incidents.
- To manage the SIEM, incidents knowledge base.
- To generate the daily reports, weekly reports and monthly reports on time.
- To maintain the timely delivery of reports.
- To maintain the updated and latest log baselines.
- The security analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2information security specialist, and/or customer as appropriate to perform further investigation and resolution.
- Recommend enhancements to SOC security process, procedures and policies.
- Participate in security incident management and vulnerability management processes.
- Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems.
- Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats
- Communicate effectively with customers, teammates, and management
- Provide input on tuning and optimization of security systems
- Follow ITIL practices regarding incident, problem and change management
- Document and maintain customer build documents, security procedures and processes.
- Staying up-to-date with emerging security threats including applicable regulatory security requirements.
- Other responsibilities and additional duties as assigned by the security management team
Ideal candidates will have as much of the following
- High-level understanding of TCP/IP protocol and OSI Seven Layer Model.
- Knowledge of security best practices and concepts.
- Knowledge of Windows and/or Unix-based systems/architectures and related security.
- Intermediate level of knowledge of LAN/WAN technologies.
- Must have a solid understanding of information technology and information security.
- Certification in at least one industry-leading SIEM product.
- Preferred Information Security professional designations such as CISSP, CISM, CISA
- 3-5 years previous Security Operations Centre Experience in conducting security investigations
- Detail oriented with strong organizational and analytical skills
- Strong written communication skills and presentation skills
- Self-starter, critical and strategic thinker, negotiator and consensus builder
- Good knowledge of IT including multiple operating systems and system administration skills (Windows, Linux)
- Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products
- Strong understanding of security incident management, malware management and vulnerability management processes
- Security monitoring experience with any SIEM technologies and intrusion detection technologies
- Experience with web content filtering technology -policy engineering and troubleshooting
- Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP
- A Bachelor’s Degree / Diploma in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering
- Excellent English written and verbal skills.
- Shift work required
- After-hours availability required