Description
Generic description
For an International Security Operations Centre in Brussels, we are looking for a Security Team Lead to start immediately. The company is looking for a strong leader who is knowledgeable in the field of security operations.
Job conditions
The team works in two shifts covering 6:00 to 22:00 (16 hours x 5 days). Because of the international relations, the team also works on public holidays. In due time the organization will move to 24*7 operations.
Full time (40 hours per week). Standby during extended business hours; willingness to work at weekends where needed.
Duration: 1 year.
Tasks will include (but are not limited to):
- Event classification of use-case-triggered events
- Initial triage/assessment
- Incident logging and alerting in the case management system
- Handling non-complex events/use cases with a specific pre-determined reaction plan
- Escalation of events to a Level 2 Analyst if required
- Performing proactive availability and health monitoring of the SMC's core SIEM infrastructure
- Regular checks of the health status of log sources and other critical infrastructure at the local sites
- Template-based reporting on daily events using ArcSight case management
- Incident reports using the Incident Management database
- Service Desk tasks include:
  - Receiving incoming calls/requests over the phone from authorized key users (not an L1 helpdesk function)
  - Logging incidents/requests in the ticketing system
  - Tracking the closure of tickets and managing the ticket life cycle for infrastructure incidents relating to security alerts
  - Incident report generation using the standard template
- Handling the day-to-day SMC administrative duties:
  - Monthly automated security incidents report, manually verified and completed if necessary
  - Wiki provisioning/documentation/Knowledge Base population and refinement
You are expected to have:
- Basic college degree or equivalent;
- 2+ years of similar experience at a Security Operations/Monitoring Centre;
- Exposure to Unix and Linux operating systems;
- Prior experience using a SIEM tool for security monitoring; ArcSight SIEM experience preferred (NetIQ, RSA enVision, Nitro or QRadar experience also acceptable);
- Knowledge/understanding of at least one technology area (e.g. Juniper or Check Point firewalls);
- Good verbal and written communication skills (English).