Your Role and Responsibilities

The Cyber Threat Monitoring Analyst will deal with cyber security, spam and phishing events as reported by SIEM, TIP, security tools, email, chat, phone calls or direct messages, with the final purpose of identifying which events are cyber security incidents and reporting GDPR-related events to the DPO. You will review alerts, threat intelligence and security data, and identify threats that have entered the network as well as currently known security gaps and vulnerabilities. In this role, you will identify events according to documented procedures and industry best practices. You should be experienced in the areas of networking, client/server technologies, and analyzing log files, with the ability to distinguish false positive from true positive events. You must have experience with Linux and Windows operating systems. You may also be required to follow the incident response plan and assist Cyber Threat Response Analysts when necessary. You must show enthusiasm and interest in Information Security.

You will be part of the SOC team that runs 24×7, on a rotating shift schedule.

  • First point of contact for cyber security and GDPR-related events
  • First point of analysis of threat intelligence reports
  • Support investigation of cyber security and GDPR-related incidents
  • Conduct events triage
  • Conduct spam and phishing analysis and reaction, and provide recommendations for future similar events
  • Profile and trend events in the environment to determine if an incident needs to be created
  • Provide incident communication and escalation as per the security incident response guidelines
  • Create and deliver GDPR-related events reports and notices
  • Hunt for suspicious anomalous activity based on data alerts or data outputs from various toolsets
  • Escalate IT security tools issues, when necessary
  • Create and maintain daily activity log
  • Perform administrative tasks as per management request (ad-hoc presentations, trainings, etc.)
  • Assist continuous improvement of processes and work with other teams to improve alerts and rules in the incident monitoring systems

Required Professional and Technical Expertise:

  • At least one year experience in a similar role
  • Experience with analysis and inspection of log information, packets, and other security tool information output from a variety of sources
  • Experience in identifying common cyber security threats affecting Microsoft Windows systems, UNIX systems, applications and network devices
  • Experience in GDPR-related event triage and notification
  • Experience in threat intelligence report analysis
  • Experience with log management and security information management tools
  • Experience with SIEM, SOAR, UBA, anti-malware, spam, phishing and TIP tools
  • Knowledge of log formats for syslog, http logs, DB logs and how to gather forensics for traceability back to event
  • Knowledge of data protection regulation key principles
  • Knowledge of TCP/IP protocol and related potential security exposures
  • Preferred experience with Splunk Enterprise Security solution
  • English language at B2 level or above

Nice to have:

  • Experience with log search tools such as Splunk, usage of regular expressions and natural language queries
  • Knowledge of common security frameworks (ISO 27001, COBIT, NIST)
  • Previous experience in the financial industry

Preferred Professional and Technical Expertise:

  • CompTIA Security+ certification or equivalent
  • Security Essentials – SEC401 (optional GSEC certification)
  • Intrusion Detection In Depth – SEC503 (optional GCIA certification)
  • Hacker Guard: Security Baseline Training – SEC464

Required Technical and Professional Expertise

  • Experience with analysis and inspection of log information, packets, and other security tool information output from a variety of sources
  • Exposure to network devices, Microsoft Windows systems, UNIX systems, and other security assessment tools (NMAP, Nessus, Metasploit, Netcat, etc.)
  • Knowledge of log formats for syslog, http logs, DB logs and how to gather forensics for traceability back to event
  • Experience with log management or security information management tools
  • Familiarity with network security zones, basic reverse engineering principles, and understanding of malware rootkits, proxies, TCP/UDP packets, DNS, SMTP, and HTTP
  • Preferred: experience with Splunk Enterprise Security solution

Preferred Technical and Professional Expertise

  • Software programming skills: Python, C/C++/Perl and other scripting languages
  • An understanding of contemporary and legacy security technologies used within a particular domain (e.g. Firewalls, IDS, IAM, SIEM)
  • Fluent English language (written and spoken)
  • Security Essentials – SEC401 (optional GSEC certification)
  • Intrusion Detection In Depth – SEC503 (optional GCIA certification)
  • Hacker Guard: Security Baseline Training – SEC464
  • Advanced Security Essentials – SEC501 (optional GCED certification)
  • Hacker Techniques, Exploits & Incident Handling – SEC504 (optional GCIH certification)


  • Country/Region: IT
  • State: MULTIPLE
  • City: MULTIPLE CITIES
  • Category: Technical Specialist
  • Required Education: Associate’s Degree/College Diploma
  • Position Type: Professional
  • Employment Type: Full-Time


More information at the following link: https://careers.ibm.com/ShowJob/Id/1055151/Cyber-Threat-Monitoring-Analyst/
