Cyber Security Analyst

Date: 15 October
Qualifications: 5+ years of progressive experience in IT security
Good understanding of computer networks (VLAN, IP addressing, security zones of trust, etc.)
Strong administration skills for operating systems (Windows and Linux), Docker and cloud environments, including an understanding of and experience with their security aspects
Solid knowledge of and previous experience with: IDS/IPS; Web Security Proxy; WAF; DLP; Vulnerability Scanners; Malware and Endpoint Protection tools; SIEM (Splunk, QRadar, ELK, OSSIM) including experience with vendor best practices (a MUST); Security Log Management tools (syslog-ng, rsyslog, logstash, graylog, etc.)
Understanding of common types of security attacks (DNS cache poisoning, ARP spoofing, DDoS, XSS, CSRF, SQL Injection, etc.)
Experience in detecting, responding to and protecting against MITRE-stack attacks
Strong programming language skills (Python, Bash, JS, PHP, etc.), including security aspects and best practices
Strong cybersecurity analysis and situational awareness skills
Good command of English, proven writing and editing skills
Proactive, result-oriented personality able to work in a team
Any professional security certification such as CEH, CISSP, CISM or CISA is an advantage.
Responsibilities: Threat hunting in the customer's infrastructure
Triaging security events involving newly developed attacks
Developing new cases for the chosen SIEM systems
Tuning existing cases to customer needs
Monitoring compliance of IT infrastructure nodes with applicable security requirements
Handling security vulnerabilities and risks in the IT environment
Setting up triggers and reviewing daily security events generated by SIEM, IDS and other security monitoring and threat intelligence tools
Prioritizing and differentiating between potential intrusion attempts and false alarms
Handling security incidents as reported by individuals or automated systems
Administering and monitoring security dedicated systems (SIEM, IPS/IDS, WAF, Firewall, Proxy, Antivirus, IAM/PAM, PKI, VPN, Log collection and analytics, etc.)
Acting as a member of the security operations center
Taking part in penetration testing activities to find customers' infrastructure vulnerabilities.