Junior SOC analyst
Tasks
- Real-time monitoring of cyber defence and intrusion detection systems
- Automated processing (centralisation, filtering and correlation) of security events
- Human analysis of automatically correlated events
- Processing of incoming warnings, alerts and reports
- Triage based on verification, level of exposure and impact assessment
- Categorize events, incidents and vulnerabilities based on relevance, exposure and impact
- Open tickets and ensure case management
- Activate initial response plan based on standard playbook entries
- Maintain incident response address book
- Provide support to incident responders
- Advise affected users on appropriate course of action
- Monitor open tickets for incidents/vulnerabilities from start to resolution
- Escalate unresolved problems to higher levels of support, including the incident response and vulnerability mitigation teams
- Configure the SIEM components for an optimal performance
- Produce qualified reports (including recommendations) or alerts to SOC customers and follow-up on actions
- Solve incidents, requests and problem tickets from 1st Level Support or internal customers related to identity and access management
- Maintain accurate documentation
- During security incidents, implement detection means to monitor attacker activities in real time
- During security incidents, support the incident response team in the review/analysis of security logs and visualise the attack
- Provide activity reports to management to demonstrate service SLA and service quality
Mandatory Requirements:
- SOC Analyst and/or first line incident responder
- Networking (TCP/IP, SNMP, DNS, Syslog-ng, etc.)
- Strong knowledge in the security analysis of firewall, proxy, and IDS logs
- Strong knowledge in the security analysis of application or middleware logs (Oracle, Apache, WebLogic)
- SIEM (Arcsight ESM 6.x, Q-RADAR, or equivalent - subject to acceptance by the contracting EU-I)
- Log management solution (Arcsight Loggers and/or QRADAR and/or Splunk or equivalent - subject to acceptance of the contracting EU-I)
Nice-to-have qualifications:
- At least 1 certification in the field of incident handling:
  - GCIH (GIAC Certified Incident Handler)
  - GCIA (GIAC Certified Intrusion Analyst)
  - ECIH (EC-Council Certified Incident Handler)
  - CSIH (SEI Certified Computer Security Incident Handler)
  - SCPO (SABSA Certified Security Operations & Service Management Practitioner)
  - or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I)
- STIX (Structured Threat Information Expression), with a particular focus on the following related standards:
  - CybOX (Cyber Observables)
  - CAPEC (Attack Patterns)
  - MAEC (Malware)
  - TAXII (Threat Information Exchange)
- Experience in using, configuring and tuning a SIEM
- Knowledge in network security solutions/technologies:
  - Firewalls
  - Network IDS and IPS
  - Switches and routers
  - APT detection solutions such as FireEye
  - DNS, DHCP, VPN, …
  - Network forensics (full packet capture)
  - Traffic baselining analysis
- Knowledge in host-based security solutions: HIPS, malware end-point protection, OS logs
- Strong knowledge in Windows security events analysis
- Writing and optimizing IDS signatures (preferably Snort and/or Suricata)
- Writing and optimizing YARA rules
- Snort or SourceFire NGIPS, FireSIGHT
- Suricata/Stamus Networks
- ELK (Elasticsearch, Logstash & Kibana)
- FireEye EX, NX, AX, FX, HX, IX
- Check Point and Juniper firewalls
- Blue Coat proxies
The following documents / procedures will be requested to successfully complete the hiring process:
- A copy of your university degree(s)
- A copy of your criminal record
- Security Clearance Procedure
WHO WE ARE
CRI, part of the VASS Group, leads digital transformation and cyber security in the European Union.
CRI operates serving the European Union Institutions, telecom operators, financial institutions and governmental bodies through a comprehensive offering of services and technologies.
Please visit our website and let's get in touch: www.cri-group.eu