Security Operations Center Analyst - 4 Month Contract - Denmark

DK  ‐ Onsite
This project has been archived and is not accepting more applications.

Description

Candidates in this role will be responsible for conducting incident response operations according to documented procedures and industry best practices.

Candidates in this role must have excellent communication skills.

Must have extensive experience in multiple security areas such as SIEM, IDS, APT, and WAF.

Candidates will be required to participate in multiple intelligence communities and be able to disseminate pertinent information throughout the SED.

Ideal candidates should have extensive experience in Linux and/or Windows operating systems as well as having a deep knowledge of networking and attack methods such as SQLi and pivoting.

Standard Job Requirements

  • Part of the SOC team that runs 24x7, on a rotating shift schedule
  • First point of escalation for Tier 1
  • Hunting for suspicious anomalous activity based on data alerts or data outputs from various toolsets
  • Review and build new operational processes and procedures
  • Provide first responder forensics analysis and investigation
  • Drives containment strategy during data loss or breach events
  • Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs)
  • Works directly with data asset owners and business response plan owners during low and medium severity incidents
  • Advise on the tuning of IDS, proxy policy, and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems
  • Provide use case creation/tuning recommendations to administrators based on findings during investigations or threat information reviews
  • Lead response actions for incidents where CIRT is not required to intervene (low/medium priority)
  • Performing administrative tasks per management request (ad-hoc reports/trainings)

Functional and Technical Competencies

Must have

  • Basic college degree or equivalent
  • 2+ years of prior experience in a similar position
  • Passion and drive to work in a start-up division with potential for significant growth in scope and services
  • Possess good logical and analytical skills to help in analysis of security events/incidents
  • Experience of network security zones, Firewall configurations, IDS policies
  • In-depth knowledge of TCP/IP
  • Knowledge of systems communications from OSI Layer 1 to 7
  • Experience with Systems Administration, Middleware, and Application Administration
  • Experience with Network and Network Security tools administration
  • Knowledge of log formats and ability to aggregate and parse log data for syslog, HTTP logs, DB logs for investigation purposes
  • Ability to create a containment strategy and execute it
  • Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)
  • Good knowledge of threat areas and common attack vectors (malware, phishing, APT, technology attack etc.)

Nice to have:

  • Experience with log search tools such as Splunk, usage of regular expressions and natural language queries
  • Knowledge of common security frameworks (ISO 27001, COBIT, NIST)
  • Knowledge of encryption and cryptography
  • Previous experience in the financial industry

Training, Qualifications, and Certifications

Preferred:

  • CEH certified
  • SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling training
  • SANS FOR* trainings
  • Advanced Security Essentials - SEC501 (optional GCED certification)
  • Perimeter Protection In Depth - SEC502 (optional GCFW certification)

In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this position is advertised based upon Skillsearch Limited having first sought approval of its client to find candidates for this position. Skillsearch Limited acts as both an Employment Agency and Employment Business.

Start date: ASAP
From: Skillsearch Limited
Published at: 08.04.2020
Project ID: 1918216
Contract type: Freelance