IBM is looking for a Threat Intelligence – Level 2 Analyst for its Segrate office to handle critical incidents, vulnerability assessments and penetration testing in order to evaluate the organisation's resilience and isolate the areas of weakness that require attention.
Your Role and Responsibilities
The Threat Intelligence – Level 2 Analyst deals with critical incidents and carries out vulnerability assessments and penetration testing to assess the resilience of the organisation and to isolate areas of weakness that need attention. You will review alerts, threat intelligence and security data. You will identify threats that have entered the networks, as well as currently known security gaps and vulnerabilities. In this role, you will be responsible for conducting incident response operations according to the documented response procedures playbook and industry best practices. You must have excellent communication skills and extensive experience in multiple security areas such as SIEM, IDS, APT, and WAF. You will be required to participate in multiple intelligence communities and be able to disseminate pertinent information throughout the SOC. You should have extensive experience in Linux and/or Windows operating systems as well as a deep knowledge of networking and attack methods. You must display enthusiasm and interest in Information Security and demonstrate leadership capabilities in order to lead and manage security incident response escalation and coordination. You will be part of the SOC team, which runs 24×7 on a rotating shift schedule.
- First point of escalation for the Tier 2
- Hunt for suspicious or anomalous activity based on data alerts or data outputs from various toolsets
- Review and build new operational processes and procedures
- Provide first responder forensic analysis and investigation
- Drive the containment strategy during data loss or breach events
- Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs)
- Work directly with data asset owners and business response plan owners during low and medium severity incidents
- Advise on the tuning of IDS, proxy policy and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems
- Provide use case creation/tuning recommendations to administrators based on findings during investigations or threat information reviews
- Lead response actions for incidents where the CIRT is not required to intervene (low/medium priority)
- Perform administrative tasks per management request (ad-hoc reports / trainings)
Required Technical and Professional Expertise
- Functional and Technical Competences
- Prior experience in a similar position
- Possess good logical and analytical skills to help in analysis of security events/incidents
- Experience of network security zones, Firewall configurations, IDS policies
- Knowledge of systems communications from OSI Layer 1 to 7
- Experience with Systems Administration, Middleware, and Application Administration
- Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)
- Good knowledge of threat areas and common attack vectors (malware, phishing, APT, technology attacks, etc.)
Preferred Technical and Professional Expertise
Nice to have:
- Experience with log search tools such as Splunk, including the use of regular expressions and natural language queries
- Knowledge of common security frameworks (ISO 27001, COBIT, NIST)
- Knowledge of encryption and cryptography
- Previous experience in the financial industry
Training, Qualifications and Certifications
Preferred:
- CEH certified
- SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling training
- Advanced Security Essentials – SEC501 (optional GCED certification)
- Perimeter Protection In Depth – SEC502 (optional GCFW certification).
For further information on the position, please consult the following link: