The SOC Analyst sits within the Security Operations Centre and will be joining an exciting and growing part of the business, working across internal and client environments. This role is perfect for an experienced analyst with knowledge and understanding gained from working in a SOC environment.
NOTE: we will however also accept applications from suitably qualified junior applicants seeking to develop their career in this area.
* Analyse, triage and respond to security events, alarms and escalations, acting as the 1st line security event analyst monitoring the Security Information and Event Management (SIEM) system. Provide an initial analysis of event data and network traffic, making security event determinations on alarm severity, escalation and response routing.
* Conduct research and assessments of security events, providing analysis of firewall, IDS, anti-virus and other network sensor events, to feed into SOC reporting activities and improvements.
* Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand threat campaign techniques and lateral movement, and extract indicators of compromise.
* Write, modify and fine-tune SIEM rulesets for improved alerting and reduction of false positives.
* Analyse log data from various sources.
* Participate in compliance/vulnerability assessment scanning, and develop mitigation and remediation plans from the assessment findings.
* Create and update security event investigation notes on open incidents and maintain case data in the incident response management platform.
* Provide input, as requested, for Security, Risk, Compliance and Service reporting.
* Assist in the definition of analysis procedures and protocols.
* Understanding of 1st level analysis and interpretation of information from SOC systems: incident identification/analysis, escalation procedures and reduction of false positives.
* Knowledge of multiple operating systems and applicable system administration skills
* Experience using security tools such as vulnerability scanners, IDS/IPS, SIEM, etc.
* Knowledge of TCP/IP and a good background in network troubleshooting and technologies: firewall configuration, monitoring, network packet capture (tcpdump/Wireshark), etc.
* An understanding of threat analysis, threat hunting and intelligence feeds.
* Experience of network protocols such as TCP/IP, HTTP, DNS, etc.
* Comprehensive knowledge of IDS/IPS principles.
* Good understanding of a range of other protocols such as ARP, DHCP, SMTP, FTP, Telnet, IRC, LDAP, SSL.
Desirable Technical Skills:
* Host based forensics
* Experience with SQL and/or defining database schemas
* Malware analysis and sandboxing
* Experience in writing Regular Expressions
* Masters or Bachelor's degree in Computer Science, Information Technology, or related field.
* Scripting (Python, Ruby, Bash), Linux/Unix experience, ability to write macros
* Networking certifications (e.g. CCNA - Security, CCNP)
* Security specialist certifications (e.g. GSEC, CEH, CISSP, GCIH)
* Operating System certifications (e.g. MCSE, RHCE, HPUX CSE)
* IT security-related qualifications: GCIA/GCIH/CISSP, CREST (CRIA, CCHIA, CCNIA)
If you are interested in applying for this role, please do so via the relevant links. If you would like to discuss this role in confidence, please contact Tom Leonard at itContracting directly (01 218 7721 or tom dot leonard at itContracting dot ie).
Evros / itContracting is an equal opportunity employer who seeks to recruit and appoint the best available person for a job regardless of marital / civil partnership status, sex (including pregnancy), age, religion, belief, race, nationality and ethnic or national origin, colour, sexual orientation or disability. Evros / itContracting applies all relevant Data Protection laws when processing your Personal Data.