Security Operations Analyst L1
Entry (0-2 years), Middle (2-5 years)
The Security Operations Centre (SOC) Information Security Analyst is the first level of monitoring in the SOC. The position monitors and responds to security events from managed customer security systems as part of a team that will, initially, be working business hours only.
Your background should include, preferably, exposure to security technologies including firewalls, IPS/IDS, logging, monitoring and vulnerability management. You should have a basic understanding of network security practices. Excellent customer service while solving problems should be a top priority for you.
The OOH DCS Critical operates on a 24x7 basis, so new colleagues should be willing to work in shifts.
The security analyst monitors security events from the various SOC entry channels (QRadar, tickets, email and phone) and, based on the severity of the security event, escalates to DCS support teams, SOC L2/L3 specialists and/or the customer as appropriate for further investigation and resolution.
- Recommend and participate in enhancements to SOC security processes, procedures and work instructions
- Participate in security incident management and vulnerability management processes
- Participate in evaluating, recommending, implementing and troubleshooting security solutions, and in evaluating the IT security of new and existing IT infrastructure systems
- Work as part of the team to ensure that corporate data and technology platform components are safeguarded from known threats
- Communicate effectively with customers, colleagues and management
- Provide input on tuning and optimization of security systems and the QRadar platform
- Follow ITIL practices regarding incident, problem and change management
- Document and maintain customer build documents, security procedures and processes, work instructions
- Stay up to date with emerging security threats, including applicable regulatory security requirements
Ideal candidates will have as many of the following as possible:
- Basic Information Security knowledge
- Basic knowledge of IT including multiple operating systems and system administration skills (Windows, Solaris, UNIX)
- Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products
- Basic understanding of security incident management, malware management and vulnerability management processes
- Basic understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP
- Detail oriented with strong organizational and analytical skills
- Strong written communication skills and presentation skills
- Self-starter, critical and strategic thinker, negotiator and consensus builder
- Excellent English written and verbal skills.
Nice to have:
- Previous security monitoring experience with one or more SIEM technologies (QRadar, Splunk) and intrusion detection technologies
- Experience with web content filtering technology (policy engineering and troubleshooting)