As a Security Analyst (Tier 1), you will be responsible for monitoring in-house and client security alerts/incidents while working shifts. Your primary responsibilities include monitoring the SIEM platform, triaging alerts, and covering 24/7 service with (8+1) hour work shifts. You will participate in threat-actor based investigations, suggest new detection methodologies, and provide expert support to alerting, incident response, and monitoring functions. Your day-to-day operations will involve dealing with SIEM Monitoring, various reporting, and security incident handling.
Your key responsibilities include:
- Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using SIEM technologies.
- Investigating incidents using SIEM and Big Data technologies, packet captures, reports, data visualization, and pattern analysis.
- Ensuring all incidents are handled within SLA and before the end of shift.
- Detecting, identifying, and providing first-level incident handling of possible attacks/intrusions, anomalous activities, and misuse activities.
- Effectively monitoring the health of various log sources and reporting to engineering teams in case of missing sources.
- Monitoring SIEM and SOC tools to identify potential performance problems, data loss, and misconfigurations in SOC infrastructure, including in the cloud.
- Monitoring external data sources (e.g., Threat Feeds) to maintain up-to-date threat conditions and determine the scope of impact of any incident on the organization.
- Performing vulnerability scans, reviewing the vulnerability scan results, and supporting the creation of remediation actions.
- Complying with the G42 Acceptable Use Policy and attending mandatory information security, privacy, business continuity, and HSE training.
- Reporting information security and HSE incidents, or suspected incidents, through G42's established incident reporting channels.
- Maintaining confidentiality of information and classifying and handling information as per G42 Policies and Procedures.
To qualify for the role, you must have:
- 2+ years of related experience in information technology and/or information security preferred.
- Experience with data analysis and centralized logging (Splunk, QRadar, ELK, Kafka, syslog, etc.).
- Scripting and development skills (BASH, Perl, Python, or Java) with strong knowledge of regular expressions.
- Capability to develop use cases or additional detection capabilities based on the SIEM query language and an understanding of incident response.
- Ability to analyze large data sets and unstructured data, manually or with tools, to identify trends and anomalies indicative of malicious activity.
- Linux incident handling skills would be ideal.
- Knowledge of current security threats, techniques, and landscape with a dedicated desire to research the current information security landscape.
- Experience in analyzing networking protocols, firewalls, host and network IPS, Linux, virtualization and container technologies, databases, and web servers.
Work Conditions:
- The position includes participation in shift work to cover 24/7 service.
- A hybrid work policy allows for a balance between office and home.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.