POST DESCRIPTION FOR TIER 1
Activities
Provide Support to SOC through the following activities:
- Investigation of alerts, anomalies, errors, intrusions, malware, etc., with the aim of identifying responsibilities, determining remediations and recommending improvements
- Review security events from the SIEM
- Analyze security events from FW, NIDS, HIDS, syslogs, etc., and determine the remediation actions for incidents.
- Determine the nature of the problems reported by tools, emails, alerts, etc.
- Document activities during incidents.
- Conduct vulnerability scans and review reports
- Monitor and configure monitoring tools.
- Meetings with customers.
Essential Knowledge Skills
- TCP/IP.
- Tools (Splunk, QRadar, ArcSight, NetWitness, etc.)
- Incident response, network monitoring, etc.
- Communication with people.
- Basic programming (Python, Ruby, PHP, C, C#, Java, Perl, etc.)
Knowledge and Desired Skills
- Implementation of controls based on CIS, NIST
- Knowledge of technologies related with security (IDS, IPS, EDR, IRP, FW, WAF, SIEM, …).
- Project management skills and ability to manage multiple projects.
Essential Education
- Higher university studies in computer science, telecommunications, statistics, physics, mathematics or similar
- Some relevant certifications such as MCSE, CCNA, GCIH, CEH, GCFA or SANS.
Desired Education
- Certifications CISSP, ITIL
Minimal Experience
- 5 years of relevant experience in administration/support of any of the following services: AD, IPS/IDS/FW, OS (Linux, Windows, ...), Exchange/mail services, SIEM, protection tools such as endpoint protection
- 2 years of experience providing security log analysis
- Ticket management
Desirable experience
- Vulnerability management and incident response activities
POST DESCRIPTION FOR TIER 2
Activities
Provide support to the SOC Team through the following activities:
- Working with alerts escalated from TIER 1 analysts: in-depth analysis and determination of security threats based on events, analysis of malicious code and analysis of protocols.
- Review tickets generated by TIER 1 analysts.
- Identify root causes and take proactive actions
- Assist in incident response
- Think critically and creatively while analyzing security events and network traffic
- Work with threat intelligence Analysts to turn intelligence into effective detection methods.
- Collaborate with incident response teams to create detection rules and signatures
- Perform network analysis to isolate and diagnose problems
- Document actions
- Determine remediation efforts.
Essential Knowledge Skills
- TCP/IP.
- Tools (Splunk, QRadar, ArcSight, NetWitness, etc.)
- Incident response, network monitoring, etc.
- Communication with people.
- Basic programming (Python, Ruby, PHP, C, C#, Java, Perl, etc.)
- Knowledge of and experience with DBMS/RDBMS and SQL.
Knowledge and Desired Skills
- Implementation of controls based on CIS, NIST
Essential education
- Higher university studies in computer science, telecommunications, statistics, physics, mathematics or similar
- Some relevant certifications such as MCSE, CCNA, GCIH, CEH, GCFA or SANS.
Desired Education
- Certifications CISSP, ITIL
Minimal Experience
- 5 years of relevant experience in administration/support of any of the following services: AD, IPS/IDS/FW, OS (Linux, Windows, ...), Exchange/mail services, SIEM, protection tools such as endpoint protection
- Protocol analysis (Wireshark, GigaStor, NetWitness, etc.)
- Planning and implementation of network security practices (network segmentation, NAC, etc.)
- 3 years of experience conducting penetration tests or security tests on networks or applications.
Desired experience
- Web application protocols, web services (JavaScript, XML, JSON), scripting capabilities (PowerShell, Python)
- Knowledge of web application frameworks such as ASP, J2EE