As a Security Analyst (Tier 1), you will be responsible for monitoring in-house and client security alerts/incidents while working shifts. Your primary responsibilities include monitoring the SIEM platform and triaging alerts, working (8+1) hour shifts to cover a 24/7 service, participating in threat-actor based investigations, suggesting new detection methodologies, and providing expert support to alerting, incident response, and monitoring functions. Your day-to-day operations will involve SIEM monitoring, various reporting, and security incident handling.
Responsibilities
Your key responsibilities include:
- Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using SIEM technologies.
- Investigating incidents using SIEM and Bigdata technologies, packet captures, reports, data visualization, and pattern analysis.
- Ensuring all incidents are handled within SLA and before the end of shift.
- Detecting, identifying, and providing first-level incident handling of possible attacks/intrusions, anomalous activities, and misuse activities.
- Effectively monitoring health of various log sources and reporting to engineering teams in case of missing sources.
- Monitoring SIEM and SOC tools to identify potential performance problems, data loss, and misconfigurations in SOC infrastructure.
- Monitoring external data sources (e.g., Threat Feeds) to maintain up-to-date threat conditions and determine the scope of impact of any incident on the organization.
- Performing vulnerability scans, reviewing the vulnerability scan results, and supporting the creation of remediation actions.
- Complying with G42 Acceptable Use Policy and attending mandatory information security, privacy, business continuity, and HSE trainings.
- Reporting information security and HSE incidents or suspect incidents through established incident reporting channels.
- Maintaining confidentiality of information and classifying and handling information as per G42 Policies and Procedures.
Qualifications
- 3+ years of related experience in information technology and/or information security preferred.
- Experience with data analysis and centralized logging (Splunk, ELK, Kafka, rsyslog, etc.).
- Scripting and development skills (BASH, Perl, Python, or Java) with strong knowledge of regular expressions.
- Capability to develop use cases or additional detection capabilities based on the SIEM query language, and an understanding of incident response.
- Skill to analyze large data sets and unstructured data to identify trends and anomalies indicative of malicious activity.
- Linux incident handling skills would be ideal.
- Knowledge of current security threats, techniques, and landscape, and a dedicated desire to research the information security landscape.
- Experience in analyzing networking protocols, firewalls, host and network IPS, Linux, virtualization and container technologies, databases, and web servers.
Work Conditions
- A hybrid work policy to strike the perfect balance between office and home.
- Competitive remuneration package with a host of perks including healthcare, education support, leave benefits, and more.
If you meet the criteria above, please contact us as soon as possible.