Cybersecurity Operations Center

Nair System
  • Doha, Qatar

Description

Nair Systems is currently looking for
Cybersecurity Operations Center (CSOC) Senior Analysts for our
Qatar operations with the following skill sets and terms & conditions.

Minimum Qualifications
• Degree in Computer Engineering / MCA
• Should have SIEM Splunk Certification, CEH and other equivalent Cyber Security Certification
• 10 or more years of experience in Cyber Security using SIEM, Endpoints, DLAP, Python Scripting, troubleshooting, monitoring and management
• 5 or more years prior work experience in a CSOC environment focused on event collection and analysis

Must have
• Strong understanding of security operations concepts: perimeter defense, insider threat, kill chain analysis, threat hunting, security metrics, MITRE ATT&CK framework
• Hands-on experience in SIEM administration and building use cases; working knowledge of regular expressions (regex/regexp) and the MITRE framework
• Good understanding of Information Security principles, accepted practices and guidelines such as ISO 27001, PCI-DSS, NIST, SABSA, COBIT, CIS, and OWASP
• Expert knowledge in collecting and analyzing NetFlow & firewall logs, IPS logs, OS security logs, PCAP, etc.
• Subject matter expertise in threat management, security incident event management, incident response and handling, root cause analysis and online research / self-study
• Experience in stakeholder engagement with excellent written and verbal communication skills
• Can work effectively in a team environment or autonomously
• Experience in APT detection, EPP/EDR, antimalware, vulnerability scanning, DLP, and threat intelligence tools
• Flexible to work in shifts to cover 24x7x365 on-call operations; ability to work under high pressure
• Creation of Use cases using MITRE framework, Dashboard and Reports
• Strong technical background on Network Security, SIEM USE Case Creation, Dashboard and Reports
• Active monitoring of system logs and network traffic for unusual activity, providing recommendations for remediation; acts as Escalation Engineer for the CSOC
• Continuous monitoring and review of security events, reports, alerts and CSOC dashboards to identify anomalous patterns indicative of potential security incidents
• Responsible for timely and effective response to, and management of, incidents, events, notifications, calls and other activities related to CSOC including Root Cause Analysis
• Gather relevant information and provide actionable intelligence on potential cyber security threats and incidents
• Prepare CSOC reports (for presentation if needed) on daily, weekly and monthly KRIs
• Responsible for creation and fine-tuning of use cases and alerts in the CSOC monitoring environment
• Perform regular health checks on all CSOC systems and tools and ensure that all hosts are monitored and required security event logs are being collected
• Take direction and guidance from InfoSec Management to build, support and update the CSOC playbooks/processes
• Render support for the administration and configuration of security controls such as SIEM, Antivirus software, network security devices, PAM, DLP, Vulnerability Management, etc.
• Prepare security awareness messages, presentations and announcements for management, IT staff, and regular users
• Participate in regular cyber drills and CSOC exercises
• Identify and communicate daily all critical items requiring the attention of senior management and coordinate with relevant teams to provide necessary remediation action
• Perform exception reviews, due diligence activities and risk assessment when required
• Facilitate technology audit and control remediation activities to ensure items are closed in a timely manner
• Manage all documentation related to information security incidents
• Resolve technical security queries; research, investigate and provide control recommendations to address risk

Terms and conditions
• Joining time frame: 2 weeks (maximum 1 month)

Summary

Job Type : FULLTIME
Category : Cybersecurity Analyst
Posted : December 7, 2023
Salary : N/A
Experience : 10 Months