Security Operations Centre Analyst
Luxembourg
Applications have closed
Description
The primary objective of this service is to act as the first line of response to a potential cyber attack or security incident. Supported by automated tools such as intrusion detection systems, log correlation engines and a SIEM, a ticketing system, and alerts and warnings from internal and external sources, the service involves receiving, triaging and responding to alerts, requests and reports, analysing events and potential incidents, and providing primary support to incident responders. Triage involves assessing whether a security incident, or the level of exposure of a vulnerability, is a true or false positive, tagging the vulnerability or incident with an initial severity classification and activating the corresponding incident response playbook entry. A further objective of this service is to follow pre-defined procedures to perform technical tasks related to identity and access management.
Tasks
Real-time monitoring of cyber defence and intrusion detection systems
Automatic-based processing (centralisation, filtering and correlation) of security events
Human-based analysis of automatically correlated events
Processing of incoming warnings, alerts and reports
Triage based on verification, level of exposure and impact assessment
Categorize events, incidents and vulnerabilities based on relevance, exposure and impact
Open tickets and ensure case management
Activate initial response plan based on standard playbook entries
Maintain incident response address book
Provide support to incident responders
Advise affected users on appropriate course of action
Monitor open tickets for incidents/vulnerabilities from start to resolution
Escalate unresolved problems to higher levels of support, including the incident response and vulnerability mitigation teams
Configure the SIEM components for an optimal performance
Improve correlation rules to ensure that the monitoring policy allows efficient detection of potential incidents. For a new component to be monitored, this encompasses:
- Analysing risks and security policy requirements
- Translating them into technical events targeting the system components
- Identifying the required logs/files/artefacts to collect from the monitored system and, if necessary, possible complementary devices to deploy
- Elaborating the relevant detection and correlation rules
- Implementing these rules in the SIEM infrastructure
- Configuring and tuning cyber-defence solutions
- Reviewing and improving the monitoring policy on a regular basis
Integrate cyber-defence solutions for efficient detection
Define dashboards and reports for reporting on KPIs.
Produce qualified reports (including recommendations) or alerts to SOC customers and follow-up on actions
Contribute to the design of the overall monitoring architecture, in close relationship with the customers/system owners on the one hand and the security operations engineering team on the other, by performing the following tasks:
- Assessment of security event detection solutions and development of solutions
- Integration of these solutions within the security monitoring scheme (log collection architecture, interoperability, formats, network aspects, …)
- Deployment and validation of the solutions
Draft documentation such as architecture design descriptions, assessment reports, configuration guides and security operating procedures
Produce and maintain accurate and up-to-date technical documentation, including processes and procedures (the so-called playbook) related to security incidents and preventive maintenance procedures
Management of identities and their related user accounts
Management of groups, roles and other means of authorization
Solve incident, request and problem tickets from 1st Level Support or internal customers related to identity and access management
Maintain accurate documentation
During security incidents, implement detection means to monitor attacker activities in real time
Integrate IOCs into security solutions
Take an active part in developing and improving the maturity framework, and have it understood and implemented by the team, by:
- Designing and drafting SOC processes and procedures framework
- Implementing SOC processes and procedures, deploy collaborative tools and dashboards
- Coaching/training the team on the processes, procedures and tools
- Regularly auditing and reporting on maturity to the management
- Reviewing and improving the framework
Provide activity reports to management to demonstrate service SLA and service quality
Key Requirements:
At least 1 certification among:
GPEN (GIAC Certified Penetration Tester)
GCED (GIAC Certified Enterprise Defender)
GPPA (GIAC Certified Perimeter Protection Analyst)
GCFE (GIAC Certified Forensic Examiner)
GCFA (GIAC Certified Forensic Analyst)
GNFA (GIAC Certified Network Forensic Analyst)
CFCE (IACIS Certified Forensic Computer Examiner)
CCFP (Certified Cyber Forensics Professional)
SCMO (SABSA Certified Security Operations & Service Management Specialist) or an equivalent certification recognized internationally (subject to acceptance as a valid credential by the Contracting EU-I)
- Networking (TCP/IP, SNMP, DNS, Syslog-ng, etc.)
- Strong knowledge in the security analysis of firewall, proxy and IDS logs
- Strong knowledge in the security analysis of application or middleware logs (Oracle, Apache, WebLogic)
- SIEM (ArcSight ESM 6.x, QRadar or equivalent, subject to acceptance by the contracting EU-I)
- Log management solution (ArcSight Loggers and/or QRadar and/or Splunk or equivalent, subject to acceptance by the contracting EU-I)
Desirable skills
- STIX (Structured Threat Information Expression), with a particular focus on the following related standards:
  • CybOX (Cyber Observables)
  • CAPEC (Attack Patterns)
  • MAEC (Malware)
  • TAXII (Threat Information Exchange)
- Experience in using, configuring and tuning a SIEM
- Knowledge in network security solutions/technologies:
  o Firewalls
  o Network IDS and IPS
  o Switches and routers
  o APT detection solutions such as FireEye
  o DNS, DHCP, VPN, …
  o Network forensics (full packet capture)
  o Traffic baselining analysis
- Knowledge in host-based security solutions:
  o HIPS
  o Malware end-point protection
  o OS logs
- Strong knowledge in Windows security event analysis
- Writing and optimizing IDS signatures (preferably Snort and/or Suricata)
- Writing and optimizing YARA rules
- Snort or Sourcefire NGIPS, FireSIGHT
- Suricata/Stamus Networks
- ELK (Elasticsearch, Logstash & Kibana)
- FireEye EX, NX, AX, FX, HX, IX
- Check Point and Juniper firewalls
- Blue Coat proxies
The following documents / procedures will be requested to successfully complete the hiring process:
- A copy of your university degree(s)
- A copy of your criminal record
- Security Clearance Procedure
WHO WE ARE
CRI, part of VASS Group, leads digital transformation and cyber security in the European Union.
CRI serves the European Union Institutions, telecom operators, financial institutions and governmental bodies through a comprehensive offering of services and technologies.
Please visit our website and let's get in touch: www.cri-group.eu
Perks/benefits: Career development Team events