Bengaluru, Karnataka, India
1 day ago
Cybersecurity Analyst
Job Requirements

 

Position: Cyber Security Analyst 

 

Job Description: 

• Monitoring of SIEM and other security solutions dashboards, as assigned.

• Handling incidents escalated by the L1/L2 team in 24x7 rotational shifts.

• Carry out in-depth investigation and correlation, and work with the stakeholders towards mitigation and closure of critical, high-severity and other complex incidents.

• SIEM support activities, which include ad hoc reporting and basic troubleshooting.

• Coordinating with Security SMEs to build hunting rules and triggers which focus on adversary activity within the ICS/OT domain.

• Minimize gaps in incident response and provide for comprehensive risk mitigation.

• Updating of incident response playbooks to cater for emerging threat scenarios and ensure response actions align with best practices.

• Prepare reports and KPI dashboards for customers.

• Liaise with stakeholders in relation to cyber security issues and provide future recommendations.

• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues.

• Hands-on experience in network security technologies such as SIEM (Azure Sentinel), Next Gen Firewalls, Proxy, IDS/IPS, DDoS protection, Antimalware protection, DNS Security, VPN Security, Cloud Firewalls (e.g., NSG).

• Working knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

• Should have working experience in Cloud platforms such as AWS, Azure or GCP.

• Handle multiple competing priorities and high-impact incidents/escalations.

• Share learnings and best practices amongst team members, including keeping internal knowledge databases updated.

• SOC Team Shift Roster Management and keeping the Security Operation Centre running 24x7.

 

Mandatory: 

 

• Data Analytics, Automation, API, Tableau, Power BI, Python 

• Demonstrated success in assessing, identifying, and addressing cybersecurity risks in an industrial environment 

• Strong knowledge of OT security, SOC operations, application security, vulnerability management, data protection, infrastructure security and information security

• Network knowledge: architecture, components, firewall configuration/IP, VLAN, subnets, protocols (SMB, LDAP, DNS, DHCP, TCP, HTTP, UDP, NTP) 

• Investigation skills: Logs and PCAP (Packet Capture) analysis, network Forensic, OS Forensic and SOC, SIEM based analysis 

• Reporting skills: investigation reporting, incident resolution reporting 

• Incident Ticketing process 

• Tools: SIEM (MS Sentinel, Splunk, etc.), Nessus Scanner, S1 EDR, Markdown, Wireshark, Office suite or equivalent

• SOC, SIEM, NIDS, IPS platforms, NMS EDR, EFW 

• Customer interaction & consultative skills 

 

Good to Have : 

• Systems: Linux, Windows administration, SCADA, PLC, HMI, DCS 

• Certifications: IEC 62443, CISSP, CCNA, CCNP

• Industrial architecture, industrial protocol knowledge, IEC/NIST framework 

Work Experience

Qualifications : 

• 2 - 4 years of IT/OT security, industrial cybersecurity and change management

• Bachelor's degree or equivalent work experience required

• Collaborative, with the ability to manage relationships across multiple functional areas and customers

• Excellent English mandatory
