Security Operations Analyst

Location:
Valencia, Spain; Geneva, Switzerland; Rome and Brindisi, Italy; New York, US; Off-site

Security Clearance:
n/a

Introduction

To meet increasing demand, the Client needs to build capabilities to provide information security services to the Client's partner Organizations and to the Client's internal business operations. The Client is developing and delivering a wide range of information security services to support its Partner Organizations, spanning Security Governance, Security Architecture and Projects, and Security Operations. To meet the high demand for information security support, the Client is reaching out to external Consultants who can deliver these security services.

Due to the complex and varied nature of the projects, information security experience in specific subject areas and the required technical expertise are expected. Further, the supplier is expected to provide a high level of technical understanding across many upcoming technology tracks and information security matters.

Knowledge and Skills

Essential:

  • Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols.
  • Deep knowledge of Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoints, Azure Security, Azure Sentinel and XDR).
  • Deep Knowledge of Cloud technologies (e.g. Azure, AWS and GCP).
  • Proven knowledge of monitoring AWS environments (IaaS, SaaS, PaaS).
  • Deep knowledge of SIEM tools like Splunk, QRadar, ArcSight, Azure Sentinel, ELK Stack.
  • Knowledge of at least one EDR solution (Red Cloak, ATP, SentinelOne, CrowdStrike).
  • Knowledge of email security, network monitoring, and incident response.
  • Excellent communication skills.
  • Knowledge of Linux/Mac/Windows.
  • Programming skills (Python, Ruby, PHP, C, C#, Java, Perl, and more).
  • Expert knowledge of English is required (Oral and Written).

Desirable:

  • Any one of the following certifications: MCSE, CCNA, GCIH, CEH, GCFA or any SANS certification.
  • Knowledge of another language.

Education

Essential:

  • Proven experience with Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoints, Azure Security, Azure Sentinel and XDR).
  • Proven experience in monitoring AWS environments (IaaS, SaaS, PaaS).
  • Proven experience supporting and monitoring endpoints with one of the following EDR solutions (ATP, CrowdStrike, Red Cloak, SentinelOne).
  • 6 years of relevant experience in administration/support of one of the following services or technologies:
      ◦ Active Directory Services
      ◦ Perimeter network infrastructure (IPS/IDS/Firewalls)
      ◦ Operating systems (Windows 2008, Windows 2012, Windows 10, Linux, Apple iOS)
      ◦ Exchange/Domino/Email services
      ◦ Active Directory Federation Services
      ◦ Endpoint protection tools
      ◦ SIEM/log management solutions
  • Two years’ experience providing analysis and trending of security log data from a large number of heterogeneous security devices.
  • Extensive log analysis experience across Windows, Linux, databases, applications, web servers, etc.
  • Experience in vulnerability management and security incident response activities.
  • Experience on an Incident Response team performing Tier I/II initial incident triage.

Experience

Essential:

  • Minimum 10 years of engineering experience with cloud-based services.
  • Strong understanding of cloud federation and modern application integrations.
  • Experience architecting Cloud solutions which span storage, security, networking and compute capabilities.
  • Knowledge and experience with attack simulation, vulnerability management and application testing.
  • Strong background in Networking, Identity and access management.
  • Strong knowledge of various security operational services and tools, such as firewalls, IPS, WAF, SIEM, content filtering and application whitelisting.
  • Good understanding of at least one of the following enterprise identity and access management solutions: Azure Active Directory, AWS identity management.
  • Good understanding of various cybersecurity processes like vulnerability management, patch management, incident and problem management, etc.
  • Strong scripting knowledge and experience.
  • Good understanding of the latest technologies, at least two from the list: cognitive services, hybrid cloud solutions, blockchain solutions, microservices, data lakes, etc.
  • Strong analytical and problem-solving skills.
  • Demonstrated background in deploying highly secure solutions.
  • Experience with risk assessment methods and security assessment processes.
  • Experience in producing technical documentation, including user requirement documents and proposals in response to project requirements.
  • Experience in drafting processes and procedures documentation.
  • Experience working with Microsoft Office tools and Microsoft Project.

Desirable:

  • Knowledge of CI/CD Pipelines.
  • Infrastructure provisioning via Terraform.
  • O365 security controls.

Duties/role

The Client, within its Project Office Section, seeks a consultant to provide information and communication technology (ICT) services (including training) on an inter-organizational basis.

Under the direct supervision of the Lead, Cyber Security Operations, and in close collaboration with the Information Security Services team members across the Client and its Projects, the consultant performs the following duties:

  • Participate in a team of security operations engineers investigating alerts, anomalies, errors, intrusions, malware, etc. to identify the responsible party, determine remediation, and recommend security improvements.
  • Monitor and investigate alerts using Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoints, Azure Security, Azure Sentinel and XDR).
  • Monitor and triage AWS security events and detections.
  • Monitor and investigate alerts leveraging EDR solutions.
  • Review security events that are populated in a Security Information and Event Management (SIEM) system.
  • Analyse a variety of network and host-based security appliance logs (firewalls, NIDS, HIDS, syslogs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Follow precise analytical paths to determine the nature and extent of problems being reported by tools, e-mails, alerts, etc.
  • Run vulnerability scans and review vulnerability assessment reports.
  • Manage and configure security monitoring tools.
  • Open tickets and assign them to Tier II or other Security Operations teams after eliminating false positives.
  • Work in a 24×7 Security Operations Centre (SOC) environment.
  • Integrate and share information with other analysts and other teams.
  • Determine remediation and recovery efforts.
  • Other duties as assigned.

VECTOR SYNERGY sp. z o.o., ul. Marcelinska 90, 60-324 Poznań, Poland, VAT No: PL7811857270,

REGON (Business Statistical Number): 301575740, KRS (National Court Register): 0000369575

The Regional Court Issued by the Poznan – Nowe Miasto and Wilda in Poznan, VIII Commercial Department of the National Court Register, Share capital: 71 625,00 PLN paid in full, Phone: +48 616670744, FAX +48 616684501, www.vectorsynergy.com, info@vectorsynergy.com