The primary objective of this service is to act as the first line of response regarding the potential occurrence of a cyber-attack or security incident. Supported by several automated tools such as intrusion detection systems, log correlation engines and SIEM, ticketing system, alerts and warning from internal and external sources.
This service involves receiving, triaging and responding to alerts, requests and reports, and analysing events and potential incidents and to provide the primary support for incident responders. Triage involves assessing whether a security incident or the level of exposure of a vulnerability is a true or false positive, tagging the vulnerability or incident with an initial severity classification and to activate the corresponding incident response playbook
entry.
Another objective of this service is to follow pre-defined procedures to perform technical tasks related to identity and access management.

JOB REQUIREMENTS:

Specific skills

• Experience in using, configuring and tuning a Security Information and Event Management, minimum 1 year experience needed.
• Knowledge in network security solution/technologies such as Firewalls, IDS,IPS…
• Knowledge in Host based security solutions
• Knowledge in Host based security solutions such as HIPS, Malware end point protection, OS Logs
• Good knowledge in Windows security events analysis
• Good knowledge in the security analysis of firewall, proxy, and IDS logs
• Writing and optimizing IDS signatures (preferably SNORT and/or SURICATA)
• Experience Writing and optimizing YARA rules is a plus
• Security Operation Center ANALYST with Security Operation Center experience and arcsight and/or splunk expertise!

PRODUCT TOOLS EXPERIENCE:

• Security Information and Event Management experience with Splunk ideally or ArcSight or other SIEM tools
• Log management solution (Arcsight Loggers and/or Splunk or equivalent)

Please refer the Job description for details