Security Operations Engineer

Date: 26 August
Qualifications:
Strong hands-on experience with Security Information and Event Management (SIEM) / Incident Management & Automation systems
At least 3+ years of experience in a similar technical security role with a strong background in security tools
Strong understanding of Information Security, IT and Networking principles
Proven experience in administering security controls in an organization
Technical knowledge related to cyber security monitoring platforms such as intrusion detection systems (IDS), Endpoint Protection, Web proxies, firewalls, EDR, UEBA, CASB, etc.
Ability to identify and develop workflow automation that lowers response time and eliminates lengthy response delays
Deep understanding of network and application security threats, attack techniques and mitigation options
Experience responding to, analyzing, and communicating information security incidents
Security mindset with business enablement strategy thinking
Must be able to learn fast and adapt quickly to ever-changing requirements and priorities
Relevant Security, Systems, and Networking certifications a plus
Good English communication skills (both speaking and writing)
Responsibilities:
Support, maintain and operate security infrastructure and technologies used by the SOC, and make recommendations to enhance threat detection
Build up and improve real-time security monitoring and incident response framework and playbooks
Develop security detection use cases, tune signatures and refine analytical models in order to identify malicious activity
Maintain, tune and troubleshoot SIEM Solution to deliver optimal performance and best detection and investigation capabilities
Identify new data sources and integrate them into monitoring operations
Evaluate and implement new information security tools and technologies in support of SOC needs
Provide analysis and trending of security events, alarms, and information from a large number of heterogeneous security devices and critical environments
Provide Incident Response (IR) investigation, support and triage to security alerts
Participate in knowledge sharing with other analysts and improve incident response documentation