Security Operations Analyst
Provide 24x7 monitoring of security alerts/incidents (eyes on the glass) and security tools, and assist with Intellectual Property Protection incidents.
The Security Operations Analyst is the first point of contact for any internal EA Security matter. The role provides incident triage and specialized support for security inquiries, and works with all security pillars and IT teams to resolve ongoing security incidents.
Monitor, detect and investigate security alerts received from security tools such as Anti-Virus, Security Information and Event Management (SIEM), Intrusion Detection/Prevention Systems (IDS/IPS) and malware content protection tools.
Track potential security incidents detected/reported within the dedicated ticketing platform.
Take ownership of and drive the resolution of current alerts/incidents.
Daily follow-up on outstanding cases.
Coordinate with other departments within EA to resolve or escalate security alerts.
Investigate Phishing emails.
Suggest improvements to ongoing processes and workflows.
Assist with security tools/endpoint agent deployments.
Meet the SLAs for internal tickets and track the SLAs for tickets opened to other teams.
Assist with the internal vulnerability scans.
Send security notifications to the users.
Support security automation tools with information on new incident types/patterns observed.
Provide root cause analysis where possible.
Escalate incidents/alerts to the next level according to agreed workflows.
Provide support services to internal users related to endpoint solutions deployed.
Understanding of security principles and knowledge of security techniques and technologies.
Experience with virtual environments (any of ESX, QEMU, VirtualBox etc.).
Experience with Endpoint protection solutions.
Basic Active Directory knowledge.
Incident Response experience/knowledge.
Basic Networking knowledge.
Mail services knowledge.
Nice to Have Skills:
Scripting languages knowledge (any of Bash, Python, PowerShell, etc.).
Experience with Security Information and Event Management (SIEM) tools.
Any network/security certification (CompTIA Security+, CEH, CCNA, etc.).