Monitor for indicators of attack and improve our processes and procedure. This person will be responsible for detecting threats and vulnerabilities in target systems, networks, and applications by conducting systems, network and web vulnerability assessment / security testing. The ideal candidate will also have experience reviewing security events from multiple systems
(Windows, Unix, routers, switches and endpoints) and be able to understand what events are benign and what may be malicious based on data classification, behavior and context.
Job Duties:
Review and triage events and design/implement correlation searches to respond to changes in the environment while reducing false positives.
Monitor for and detect security events from SIEM, Log collection Engines and other security technologies, such as Splunk while performing investigations using various Monitoring Security technologies (i.e. IDS/IPS, DLP, etc.).
Review alerts escalated by end users and perform initial triage of incoming issues (initially assessing the priority of the event, initial determination of event to determine risk and damage or appropriate routing of security or privacy data request).
Monitor health alerts and downstream dependencies in addition to providing limited response to end users for low complexity security events and reviewing false positive with the various Security teams to tune and provide feedback to improve accuracy of the alerts.
Document, investigate and notify appropriate contact for security events and response while participating in the resolution of events, even after they are escalated.
Collaborate with technical teams for security incident remediation and communication.
Conduct proof of concepts, vendor comparisons and recommend solutions in line with business requirements and execute security research on threats and remediation methods.
Contribute to strategic planning to evaluate, deploy or update security technologies.
Create process improvement by identifying inefficiencies and solutions for process improvements while following standard methodology to identify and/or detect threats to the IT infrastructure, applications and other information assets.
Promote cross-department collaboration and communication to ensure appropriate processes, procedures and tools are installed, monitored, and effectively operating and alerting
Update job knowledge by tracking and understanding emerging security practices and standards while participating in educational opportunities, and reading professional publications.
Required Qualifications & Experience:
Bachelor’s Degree is required
3+ years’ experience in information security, governance, IT audit, or risk management, Security investigations process and procedures
Experience writing correlation searches in Splunk ES
Ability to demonstrate technical experience working with enterprise security technologies like SIEM, antivirus/malware, IDS, WAF, DDoS mitigation platforms
General network knowledge, TCP/IP, Internet Routing, UNIX / LINUX & Windows OS
Understanding of common network services (web, mail, DNS, authentication)
Previous experience in Windows/UNIX scripting languages (bash, Python, Regex and PowerShell)
תגובות