POST DESCRIPTION FOR TIER 1

Activities

Provide Support to SOC through the following activities:

  • Investigation of alerts, anomalies, errors, intrusions, malware, etc., with the aim of identifying responsibilities, determining remediations and recommending improvements.
  • Review security events from the SIEM.
  • Analyze security events from FW, NIDS, HIDS, syslogs, etc., and determine the remediation actions for incidents.
  • Determine the nature of the problems reported by tools, emails, alerts, etc.
  • Document activities during incidents.
  • Conduct vulnerability scans and review reports.
  • Monitor and configure monitoring tools.
  • Meetings with customers.

 

Essential Knowledge Skills

  • TCP/IP.
  • Tools (Splunk, QRadar, ArcSight, NetWitness, etc.).
  • Incident response, network monitoring, etc.
  • Communication skills.
  • Basic programming (Python, Ruby, PHP, C, C#, Java, Perl, etc.).

 

Knowledge and Desired Skills

  • Implementation of controls based on CIS, NIST.
  • Knowledge of security-related technologies (IDS, IPS, EDR, IRP, FW, WAF, SIEM, etc.).
  • Project management skills and ability to manage multiple projects.

 

Essential Education

  • Higher university studies in computer science, telecommunications, statistics, physics, mathematics or similar.
  • Some relevant certifications such as MCSE, CCNA, GCIH, CEH, GCFA or SANS.

 

Desired Education

  • CISSP, ITIL certifications.

 

Minimal Experience

  • 5 years of relevant experience in administration/support of any of the following services: AD, IPS/IDS/FW, OS (Linux, Windows, etc.), Exchange/mail services, SIEM, endpoint protection tools.
  • 2 years of experience providing security log analysis.
  • Ticket management.

 

Desirable experience

  • Vulnerability management and incident response activities.

 

POST DESCRIPTION FOR TIER 2

Activities

Provide support to the SOC Team through the following activities:

  • Working with alerts escalated by TIER 1 analysts: in-depth analysis and determination of security threats based on events, analysis of malicious code and analysis of protocols.
  • Review tickets generated by TIER 1 analysts.
  • Identify root causes and take proactive actions.
  • Assist in incident response.
  • Think critically and creatively while analyzing security events and network traffic.
  • Work with threat intelligence analysts to turn intelligence into effective detection methods.
  • Collaborate with incident response teams to create detection rules and signatures.
  • Perform network analysis to isolate and diagnose problems.
  • Document actions.
  • Determine remediation efforts.

 

Essential Knowledge Skills

  • TCP/IP.
  • Tools (Splunk, QRadar, ArcSight, NetWitness, etc.).
  • Incident response, network monitoring, etc.
  • Communication skills.
  • Basic programming (Python, Ruby, PHP, C, C#, Java, Perl, etc.).
  • Knowledge of and experience with DBMS/RDBMS and SQL.

 

Essential Knowledge Skills

  • Implementation of controls based on CIS, NIST.

 

Essential Education

  • Higher university studies in computer science, telecommunications, statistics, physics, mathematics or similar.
  • Some relevant certifications such as MCSE, CCNA, GCIH, CEH, GCFA or SANS.

 

Desired Education

  • CISSP, ITIL certifications.

 

Minimal Experience

  • 5 years of relevant experience in administration/support of any of the following services: AD, IPS/IDS/FW, OS (Linux, Windows, etc.), Exchange/mail services, SIEM, endpoint protection tools.
  • Protocol analysis (Wireshark, GigaStor, NetWitness, etc.).
  • Planning and implementation of network security practices (network segmentation, NAC, etc.).
  • 3 years of experience conducting penetration tests or security tests on networks or applications.

 

Desired Experience

  • Web application protocols, web services (JavaScript, XML, JSON), scripting skills (PowerShell, Python).
  • Knowledge of web application frameworks such as ASP, J2EE.
