Job Description

Functional Responsibilites: Assist end users / Local IT Teams / Applications teams / Infrastructure Support teams in understanding security issues and applying mitigation strategies..

• Execute deep dives and threat hunts beyond the one-of incident tickets and propose corrective actions.
• Follow up on Cyber Threat Intelligence information and suggest detection use cases.
• Perform reactive incident analysis to conclusion or prepare it for escallation when needed
• Document the incident analysis to ensure a swift handover to l3 or other incident responders
• Effectively identify threats by performing relevant research and data analysis.
• Transmit security incidents to the appropriate teams for remediation and follow up on the incident to resolution
• Assist end users / Local IT Teams / Applications teams / Infrastructure Support teams in understanding security issues and applying mitigation strategies..
• Execute deep dives and threat hunts beyond the one-of incident tickets and propose corrective actions.
• Follow up on Cyber Threat Intelligence information and suggest detection use cases.

Specific Skills:

Keen ability to diagnose and troubleshoot technical issues.
Good understanding of IT Infrastructure landscape and the various components especially active directory, kerberos, adcs...
Good knowledge of Windows security logs.
Good understanding of network technologies.
Good understanding of Azure & O365 Cloud and the security technologies around it.
Prior experience with SIEM and EDR tools is manatory, NDR is a plus.
Ability to wite detection queries in any language SPL, EKQL, MS-KQL, ArcSight ...
Ability to interprete PCAPS
Baisc regex knowledge
Network Security Fundamentals:
Understanding of network protocols, firewalls, VPNs, proxies, and IDS/IPS (Intrusion Detection/Prevention Systems).
Knowledge of TCP/IP, DNS, HTTP, SSL/TLS, and other networking protocols.
Proficiency in analyzing network packet captures with Wireshark, tshark

• Intrusion Detection Systems (IDS):
• Experience with IDS tools such as Suricata, Bro/Zeek.Ability to analyze alerts from IDS.Industrial Control Systems (ICS) Security (optional):Familiarity with ICS protocols such as SS7, Modbus and OPCAbility to analyze alerts from IDS.Industrial Control Systems (ICS) Security (optional):Familiarity with ICS protocols such as SS7, Modbus and OPCMandiatry Skills:Tools:
• Azure Sentinel
• Microsoft KQL
• Micrososft E5 security stack: Defender for Endpoint, Defender for Identity, Defender for O365, Defender for CloudApps
• Defender for Cloud

Analysis Skills:Expected Qualites:

• Malware incident analysis - ability to interprete sandbox results, perform basic static and maldoc analysis.
• Phising campaigns - ability to interprete email headers
• Good knowledge on TTP's used by various threat actors (Mitre Att&ck) and how to detect them.
• Ability to create detection hypothesis and the queries to confirm it.
• Ability to spot repeat alerts and to suggest rule tunings
• Ability to follow existing playbooks but also to suggest improvements on them.
• Dynamic and Hands on
• Should be assertive and possess the flexibility to orient him / herself to the demands of the business.
• Strong communication skills and a high degree of energy
• Good analytical and p Ability to analyze alerts from IDS.Industrial Control Systems (ICS) Security (optional):
• Familiarity with ICS protocols such as SS7, Modbus and OPC lanning skills
• Ability to function effectively in a quality conscious, process driven and extremely productivity driven organization

Job Type: Full-time

Pay: ?200,000.00 - ?1,200,000.00 per year

Shift:

• Rotational shift

Work Days:

• Monday to Friday

Experience:

• total work: 1 year (Preferred)

Work Location: In person