Analyze potential infrastructure security incidents to determine whether an incident qualifies as a legitimate security breach.
Perform network incident investigations, determining the cause of the security incident and preserving evidence for potential legal action
Interface with technical personnel and other teams as required
Produce security incident reports and briefings to be distributed to the team lead and manager
Configure and manage Infrastructure Security and SIEM solutions.
Design and develop correlation rules within the Security Information and Event Management (SIEM) platform
Monitor devices and correlation tools for potential threats
Initiate the escalation procedure to counteract potential threats/vulnerabilities
Appropriately inform and advise management on incidents and incident prevention
Implement continuous improvement measures on a daily basis
Identify, assess, and resolve complex issues/problems within own area of responsibility
Provide incident remediation and prevention documentation
Document and conform to processes related to security monitoring
Participate in knowledge sharing with other analysts and develop solutions efficiently
Coordinate or participate in individual or team projects
Write technical articles for internal knowledge base
Provide performance metrics as necessary
Develop and optimize technical processes and coordinate procedure documentation.
Good understanding of Security Information and Event Management concepts and hands-on experience with industry-standard products.
Work experience in virtualized, AWS, and Azure environments
Previous Splunk administration or development experience
Installation, configuration, and troubleshooting of security devices (e.g., firewalls, IDS)
Basic level of expertise in UNIX, Linux, and Windows operating systems
Thorough understanding of TCP/IP, HTTP, HTTPS, and SSL/TLS protocols.
Hands-on experience with port scanning and vulnerability scanning techniques.
Exploit and detection analysis skills, including ability to analyze logs for useful information and patterns
Good understanding of and experience with infrastructure security, risk assessment, and Security Information and Event Management, including the impact of infrastructure security on security operations, vulnerability management, reporting, analytics, and monitoring.
Good understanding of frameworks such as ISO 27001/27002 and COBIT, and of compliance regimes such as PCI DSS, HIPAA, SOX, FISMA, and others that impose Security Information and Event Management requirements.
Experience working in a diverse, virtual environment.
Administrative tool development and maintenance.
Desirable to have certifications such as CISSP, ITIL, CISA, CISM, GIAC GCIA, or GCIH
Desirable to have advanced certification from a SIEM vendor on products such as McAfee Nitro, HP ArcSight, or RSA enVision.