Your Role and Responsibilities

The Cyber Threat Response Analyst handles cyber security incidents, including GDPR-related ones, verifies that incident remediation actions have been completed, and analyzes threat intelligence reports, with the overall goal of improving the cyber resilience of the organisation. You will review alerts, threat intelligence and security data. You will identify threats that have entered the networks, as well as currently known security gaps and vulnerabilities. In this role, you will be responsible for conducting incident response operations according to the documented response procedures and playbooks and to industry best practices. You must have excellent communication skills and extensive experience in multiple security areas such as SIEM, UBA, malware, phishing, APT, TIP and WAF. You will be required to keep yourself up to date with the latest threats, threat actors and threat campaigns, and to disseminate pertinent information throughout the SOC. You should have extensive experience with Linux and/or Windows operating systems, together with a deep knowledge of networking and attack methods. You must display enthusiasm and interest in Information Security and demonstrate leadership capabilities in order to lead and manage security incident response escalation and coordination.

You will be part of a SOC and CERT team and will operate during business hours plus on-call shifts.

  • Hunt for suspicious or anomalous activity based on alerts and data from the SIEM and other IT security tools
  • Drive the containment strategy during data loss or breach events
  • Triage and resolve advanced attacks such as botnets and advanced persistent threats (APTs)
  • Recommend incident containment and remediation actions to the resolver groups
  • Regularly verify that incident remediation actions have been completed, and occasionally perform vulnerability assessments and penetration tests to validate the effectiveness of those remediations
  • Provide use case creation and tuning recommendations to the SIEM administrators based on findings from investigations or threat information reviews
  • Develop and deliver incident reports for executives and managers
  • Create and maintain a daily activity log
  • Assist in the continuous improvement of processes and work with other teams to improve the alerts and rules in the incident monitoring systems
  • Perform administrative tasks as requested by management (ad-hoc presentations, training, etc.)

Required Professional and Technical Expertise
Functional and Technical Competences:

  • At least 2 years of prior experience in a similar position
  • Good logical and analytical skills to support the analysis of security events and incidents
  • Ability to build and execute an incident containment strategy
  • Effective and structured verbal and written communication skills
  • Knowledge of the most active threat actors and the most common attack vectors
  • Knowledge of the key principles of data protection regulation
  • Knowledge of the TCP/IP protocol suite and its potential security exposures
  • Knowledge of systems communications from OSI Layer 1 to 7
  • Knowledge of log formats and the ability to aggregate and parse syslog, HTTP and database logs for investigation purposes
  • Experience with network and endpoint security administration tools
  • Experience with SIEM, SOAR, UBA, anti-malware, anti-spam, anti-phishing and TIP tools
  • Experience with Systems Administration, Middleware and Application Administration
  • Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat)
  • Good knowledge of threat areas and common attack vectors (malware, phishing, APT, technology attacks, etc.)
  • English level of B2 or above

Preferred Professional and Technical Expertise
Nice to have:

  • Software programming skills: Python, C/C++, Perl and other scripting languages
  • Experience with log search tools, regular expressions and natural language queries
  • An understanding of contemporary and legacy security technologies used within a particular domain (e.g. firewalls, IDS, IAM, SIEM)
  • Knowledge of common security frameworks (ISO 27001, COBIT, NIST, etc.)
  • Knowledge of the regulatory landscape applicable to the financial industry (NIS, PSD2, etc.)
  • Knowledge of encryption and cryptography principles
  • Previous experience in the financial industry

Training, Qualifications and Certifications Preferred:

  • CEH or CIH certified, or equivalent
  • SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling (optional GCIH certification)
  • SANS SEC501: Advanced Security Essentials (optional GCED certification)

Required Technical and Professional Expertise
Functional and Technical Competences

  • Prior experience in a similar position
  • Good logical and analytical skills to support the analysis of security events and incidents
  • Experience with network security zones, firewall configurations and IDS policies
  • Knowledge of systems communications from OSI Layer 1 to 7
  • Experience with Systems Administration, Middleware and Application Administration
  • Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat)
  • Good knowledge of threat areas and common attack vectors (malware, phishing, APT, technology attacks, etc.)

Preferred Technical and Professional Expertise
Nice to have:

  • Experience with log search tools such as Splunk, regular expressions and natural language queries
  • Knowledge of common security frameworks (ISO 27001, COBIT, NIST)
  • Knowledge of encryption and cryptography
  • Previous experience in the financial industry

Training, Qualifications and Certifications Preferred:

  • CEH certified
  • SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling training
  • SANS SEC501: Advanced Security Essentials (optional GCED certification)
  • SANS SEC502: Perimeter Protection In Depth (optional GCFW certification)

Position Details:

  • Country/Region: IT
  • State: MULTIPLE
  • City: MULTIPLE CITIES
  • Category: Technical Specialist
  • Required Education: Associate's Degree/College Diploma
  • Position Type: Professional
  • Employment Type: Full-Time


More information at the following link: https://careers.ibm.com/ShowJob/Id/1055158/Cyber-Threat-Response-Analyst/
