SOC Analyst
Amsterdam, Netherlands
Applications have closed
NRB Group
NRB est le plus important groupe IT en Belgique. Nous proposons des services et des solutions informatiques innovantes et de la plus haute qualité.Trasys International offers IT Consulting jobs at the European Institutions and International Organizations.
For a project for one of our client based in Amsterdam, Trasys International is looking for a SOC Analyst.
The consultant will act as the first line of response regarding the potential occurrence of a cyber attack or security incident. Supported by several automated tools such as intrusion detection systems, log correlation engines and SIEM, ticketing system, alerts and warning from internal and external sources, this service involves receiving, triaging and responding to alerts, requests and reports, and analysing events and potential incidents and to provide the primary support for incident responders. Triage involves assessing whether a security incident or the level of exposure of a vulnerability is a true or false positive, tagging the vulnerability or incident with an initial severity classification and to activate the corresponding incident response playbook entry. Another objective of this service is to follow pre-defined procedures to perform technical tasks related to identity and access management.
Your main responsibilities:
- Real-time monitoring of cyber defence and intrusion detection systems;
- Automatic-based processing (centralisation, filtering and correlation) of security events;
- Processing of incoming warnings, alerts and reports;
- Triage based on verification, level of exposure and impact assessment;
- Categorize events, incidents and vulnerabilities based on relevance, exposure and impact;
- Open tickets and ensure case management;
- Activate initial response plan based on standard playbook entries;
- Maintain incident response address book:
- Provide support to incident responders;
- Advise affected users on appropriate course of action;
- Monitor open tickets for incidents/vulnerabilities from start to resolution;
- Escalate unresolved problems to higher levels of support, including the incident response and vulnerability mitigation teams;
- Configure the SIEM components for an optimal performance;
- Improve correlation rules to ensure that the monitoring policy allows an efficient detection of potential incidents;
- Analysing risks and security policy requirements;
- Translating them into technical events targeting the system components;
- Identifying the required logs/files/artefacts to collect from the monitored system and, if necessary, possible complementary devices to deploy;
- Elaborating the relevant detection and correlation rules;
- Implementing these rules in the SIEM infrastructure;
- Configuring and tuning cyber-defense solutions;
- Integrate cyber-defence solutions for efficient detection;
- Produce qualified reports (including recommendations) or alerts to SOC customers and follow-up on actions;
- Solve incidents, requests and problem tickets from 1st Level Support or internal customers related to identity and access management;
- Maintain accurate documentation;
- During security incidents, implement detection means to monitor attacker activities in realtime;
- Integrate IOCs in security solutions;
- Provide activity reports to management to demonstrate service SLA and service quality.
Requirements
- You have a Bachelor's level or 3 years of higher education in a relevant field to the position;
- You have at least 5 years of experience;
- You have at least 3 years of experience as SOC Analyst and/or first line incident responder;
- You have at least one of the following certifications: GPEN (GIAC Certified Penetration Tester); GCED (GIAC Certified Entreprise Defender); GPPA (GIAC Certified Perimeter ProtectionAnalyst); GCFE (GIAC Certified Forensic Examiner); GCFA (GIAC Certified Forensic Analyst); GNFA (GIAC Certified Network Forensic Analyst); CFCE (IACIS Certified Forensic ComputerExaminer); CCFP (Certified Cyber Forensics Professional); SCMO (SABSA Certified Security Operations &Service Management Specialist).
- Networking (TCP/IP, SNMP, DNS, Syslog-ng, etc.);
- Experience in using, configuring and tuning a SIEM;
- Knowledge in network security solution/technologies: Firewalls; Network IDS and IPS; Switches and routers APT detection solutions such as FireEye; DNS, DHCP, VPN; Network forensics (full packet capture); Traffic baselining analysis;
- Knowledge in Host based security solutions: HIPS; Malware end-point protection; OS logs;
- Strong knowledge in Windows security events analysis;
- Strong knowledge in the security analysis of firewall, proxy,and IDS logs;
- Writing and optimizing IDS signatures (preferably SNORT and/or SURICATA);
- Strong knowledge in the security analysis of Applicable or Middleware logs (Oracle, Apache, Weblogic);
- Writing and optimizing YARA rules.
Nationality and Security Clearance
As a Personal Security Clearance of level "EU SECRET/SECRET EU" might be requested for this profile, only candidates with a valid EU citizenship will be taken into consideration.
We are TRASYS International, NRB Group, an ICT company with over 30 years of a successful track record working with European Institutions and Agencies, offering IT consulting, solutions and services. Our Mission is to help our clients keep up with the challenges of digital transformation by providing the right talent at the right time for the right job. To this end, we are constantly looking for talented professionals who are interested in working on challenging international projects and able to deliver high-quality results within multicultural environments. Our services include (but are not limited to) modernisation solutions, digital workspaces, cloud technologies and IT security. Our Headquarters are in Brussels and we have active accounts and offices across Europe (i.e. Luxembourg, Amsterdam, Athens, Stockholm, Geneva).
Tags: APT Clearance Cloud DNS Firewalls Forensics GCED GCFA GIAC GNFA GPEN IDS Incident response Intrusion detection IPS Malware Monitoring Network security Oracle Security analysis Security Clearance SIEM Snort TCP/IP VPN Vulnerabilities Windows
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs