Description
Information Security Incident Consultant/Analyst - SOC, SIEM, DNS, Syslog, GIAC, GCIH
Main tasks
- Handle security incidents to ensure timely mitigation and escalate to appropriate incident resolver groups and leadership as required
- Handle high severity incidents during non-working hours (on-call)
- Assess, analyse, categorize, classify and investigate security incidents
- Collect and document evidence needed for investigation and digital forensics
- Control and contain security incidents
- Follow up on security incident resolution and track updates in the ticketing tool
- Notify and communicate with the relevant stakeholders
- Support SOC Security Analysts and local security incident handlers
- Perform lessons learned activities, e.g. security incident reviews and post-mortem documentation
- Participate in use case development and SIEM rule threshold tuning
Technical skills required
- Ability to identify risks, threats, vulnerabilities and the associated attacks, e.g. malicious code and protocol, design or configuration flaws
- Strong troubleshooting and analytical skills
- Understanding of the Internet and detailed knowledge of network protocols (Ethernet, 802.11, IP, ICMP, TCP, UDP)
- Knowledge of application/service protocols (DNS, SMTP, HTTP, FTP)
- Knowledge of network infrastructure elements and architecture (firewall, proxy, IPS, WAF)
- Knowledge of current security vulnerabilities and related attack methodologies
- Detailed knowledge of packet capture analysis and usage of associated tools
- Detailed knowledge of log management (Syslog, CEF, debug levels, parsing)
- Knowledge of encryption algorithms, digital signature mechanisms and PKI
- Knowledge of scripting, text manipulation and regular expressions
Other skills
Certifications
- Recommended: GIAC GCIH (SANS SEC504)
- Recommended: Security infrastructure certifications
- Recommended: ITIL foundation
- Optional: GIAC GCFA (SANS FOR508)
- Optional: Offensive security certification (OSCP, SANS SEC560/GPEN, CEH)
Overall work experience in the field
- Demonstrated experience in information security incident analysis and response > 1 year
- Demonstrated experience in a SOC/CSIRT > 2 years
- Demonstrated experience in network/security infrastructure administration > 1 year
- Demonstrated experience in Linux/Windows administration > 1 year
- Demonstrated experience in large and complex organisation(s) > 1 year
- Demonstrated experience in usage of ticketing tools
- Demonstrated on-the-job experience with any of the standard commercial SIEM tools
Soft skills
- Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively
- Good interpersonal and communication skills, works effectively as a team player
- Sound judgement to make efficient and acceptable decisions
- Ability to work under pressure
- Ability to look up information and solve unfamiliar problems
- Ability to function effectively in a matrix structure
- Cross cultural sensitivity, flexibility
- Fluent in English
Examples of Deliverables
- Weekly reports on security incidents, classified, categorized and assessed
- Weekly reports on security incident resolutions
- Communication documents to inform the relevant stakeholders
- Reports on good practices and lessons learned
Mercator IT Solutions provides services as an agency and an employment business