Perform monitoring, research, assessment and analysis on alerts from various security tools, including IDPS tools, SIEM, Anomaly detection systems, firewalls, antivirus systems, user behavior analytics tools, endpoint inspection, and proxy devices.
Follow pre-defined actions to investigate possible security incidents or perform incident response actions, including escalating to other support groups.
Proactively identify, investigate, and mitigate cyber threats.
Ensure proper functioning of systems in the Security Operations Centre.
Enhance and build cyber threat detection use cases and assist in analyzing and reducing false positives.
Support the development and enhancement of SOC incident response capabilities.
Respond to inbound Change Requests (CRs), Service Requests (SRs), and queries for handling Incident Management.
Execute daily ad hoc tasks or lead projects as needed.
Requirements
Minimum 4-5 years of working experience in an IT environment.
S1 Degree in Information System/Information Security from a recognized institution.
Strong knowledge of TCP/IP, networking, operating systems and cyber security concepts.
The analyst will be part of an 8x5 Cyber Security Operations function, working onsite at the customer's premises, and must be willing to work in shifts if required.
Strong level of experience with and understanding of firewalls, antivirus and endpoint detection.
Strong Incident Response and Forensics skills.
Good working knowledge of Linux, including the ability to run command lines, edit files and write scripts.
Knowledge of commonly-accepted information security principles and practices, as well as techniques attackers would use to identify vulnerabilities, gain unauthorized access, escalate privileges and access restricted information.
Solid understanding of threats reported by various data sources such as IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies.
Excellent communication skills.
Experience in scripting with Python, Bash or PowerShell is an advantage.
Hold one or more tech certifications (e.g. MCP, MCSE, CCNA Security, CEH, Security+, CSA, AWS).