Tier I - Security Analyst
As a Cybersecurity Analyst for the Security Operations Centre (SOC), you are a member of a team which manages IT security on behalf of customers to reduce the impact of security incidents and system compromises. This team provides security monitoring, event investigation and analysis, and countermeasure proposals. As part of the team responsible for the 24x7 Security Event Management Service, you will be responsible for the following items:
- Event Detection - Following an established, documented process for event detection including but not limited to:
- Receipt of Security Alerts, (and Operational Health Alerts from Security Devices) from monitored devices and associated technology
- Acknowledgement of receipt of the event
- Opening new service desk tickets, or updating existing tickets, in order to track event handling through its lifecycle to resolution and closure.
- Assignment of the event ticket to the appropriate owner.
- Event Filtering - Follow the established process for identification of events that require filtering. Document and assign requests for event filtering in the service desk ticket.
- Event Investigation - Follow an established process for the purpose of collecting relevant data and performing the necessary level of analysis on that data.
- Event Escalation - Follow an established process for transmitting event investigation data to the appropriate point of contact, whether that point of contact is an external client or an internal resource. Report on recurring problems and issues discovered during the course of your duties.
- Event Closure - Follow the established process to ensure that resolution criteria are met before closing tickets.
- Manual Health Checks - Follow established and approved processes for performing scheduled health checks on applicable devices.
Must have demonstrated knowledge and experience with three or more of the following:
- UNIX, AIX & Solaris
- Windows Server Operating Systems
- Internet Connectivity and Protocols (TCP/IP)
- Wireless Networking
- Network architecture best practices
- Security Operations Centre/Information Protection Centre/Computer Incident Response Centre
- Enterprise Security Information Management systems
- VPN Communication Protocols
- Switches/Routers (basic configuration)
- Network/System Intrusion Detection or Prevention Systems
- Understanding of basic security concepts: Principle of Least Access, Compartmentalization
- Firewall (configuration knowledge)
- Asset Management
- Security threat and attack countermeasures
- Ability to conduct in-depth forensic analytical studies and investigations
- Ability to earn the Security+ certification within 3 months of hiring, if not already completed
- Critical thinking and analytical skills
- Excellent written and verbal communication skills
- Strong troubleshooting and
- Team player with ability to work autonomously
- Ability to prioritize and re-prioritize work as required