Job Description
JOB PURPOSE:
- Handles security incident escalations.
- Communicates directly with data asset owners and business response plan owners during high-severity incidents.
- Hunts for suspicious anomalous activity based on data alerts or data outputs from various toolsets.
- Assists continuous improvement of processes and works with other teams to improve alerts and rules in the incident monitoring systems.
KEY ACCOUNTABILITIES:
- Performs in-depth analysis and triage of security threat activity to confirm whether a reported incident is a real incident or a false positive.
- Thinks critically and creatively while analyzing security events, network traffic, and logs.
- Identifies the incident root cause and takes proactive mitigation steps.
- Takes an active part in the containment of incidents by engaging with the concerned teams step by step to provide the best way to contain the incident.
- Proposes the containment scenarios that carry the fewest side effects.
- Gives recommendations to the concerned teams to close the incident with proper actions.
- Communicates directly with data asset owners and business response plan owners during high-severity incidents.
- Follows detailed operational processes and procedures to respond appropriately to incidents.
- Communicates with the owners to remove any obstacle that prevents the IR team from taking the required steps.
- Assists continuous improvement of processes and works within the team and with other teams to improve alerts and rules in the incident monitoring systems:
  - Enhances and fine-tunes SIEM rules to identify more security incidents and reduce false positive alarms.
  - Assesses the current security controls and gives the best recommendations to the concerned teams based on the number of incidents per control.
  - Builds the required use cases to detect more sophisticated attacks.
  - Builds an IR plan for each use case to match best practice.
- Hunts for suspicious anomalous activity based on data alerts or data outputs from various toolsets:
  - Reviews security events that are populated in a Security Information and Event Management (SIEM) system.
  - Conducts further investigation of alerts to identify the tactics, techniques and procedures used by the attacker to gain and maintain access in the network.
  - Explores worldwide threats against the IT/communication business and maps these techniques to Etisalat network behavior.
  - Reviews global threat intelligence, investigates and provides Indicators of Compromise (IOCs), and converts intelligence into useful detections.
Job Requirements
Essential
- University degree: BSc in Communication Engineering, Computer Engineering or Computer Science.
- Familiarity with the risk management framework NIST 800-37.
- Familiarity with security controls as described in NIST 800-35.
- Experience with analysis and inspection of log information, packets, and other security tool information output from a variety of sources.
- Excellent analytical and problem-solving skills.
- Knowledge of packet capture and analysis.
- Strong interpersonal skills to interact with team members and upper management.
- Strong collaborative skills.
- Self-discipline to work according to playbook and time requirements.
- Passion for cyber security and staying up-to-date with current threats, tools and techniques.
- Willingness to learn new security technologies, products and incident analysis and response approaches.
- Excellent written and oral communication skills.
- Hands-on experience with some or all of the following is preferred:
  - Windows, Linux and Cisco operating systems.
  - NetFlow and full packet capture technology.
  - Intrusion Detection Systems (IDS) and SIEM technologies.
  - Firewalls, antivirus and other similar network security tools.
- Fundamental understanding of:
  - Information security and Network Security Monitoring.
  - Computer networking (TCP/IP).
  - Cyber security incident response, client-side and server-side attack chains, and modern malware threats.
- Knowledge of and experience with scripting and programming (Python, Perl, etc.) is highly preferred.
- Ability to prioritize tasks.
Experience:
Essential
- Minimum of 2 years' experience.
- Area of experience: information security.
Desirable
- 3-5 years' experience.
- Area of experience: information security.
CERTIFICATIONS / CREDENTIALS / MEMBERSHIPS / LICENSES:
Essential:
- Security training on information security solutions.
- Various security certificates from common security vendors.