Job content

Job Description:

Security Administrator or SOC Analyst Responsibilities:

  • The primary responsibility of a security operations centre (SOC) analyst is to ensure that the organization's information assets are protected from compromise arising from unauthorized access (confidentiality risk), unauthorized alteration of data/information (integrity risk) and denial of service (availability risk).
  • Protection of the organization's IT infrastructure, whether on-premises (in the data centre) or cloud based (e.g. Microsoft or Oracle cloud, Azure SaaS), as well as confidential customer/business data, by maintaining visibility of all vulnerabilities, threats and threat sources for effective mitigation and defence before a breach occurs.
  • Implementation of the cyber defence strategy.
  • Knowledge and experience performing VAPT (vulnerability assessment and penetration testing).
  • Broad expertise across the cyber security pool.
  • Knowledge of critical infrastructure security, application security, network security, cloud security and Internet of Things (IoT) security.
  • Development and implementation of the organization's security incident classification policy and procedure.
  • Hands-on visibility of the perimeter firewall and core network devices (switches, routers, intrusion prevention systems, intrusion detection systems).
  • Knowledge of virtualized infrastructure (VMware, ESXi hosts).
  • Knowledge of enterprise servers (Windows, UNIX, Linux).
  • Knowledge of databases, enterprise backup and storage systems, and endpoints (workstations, laptops, PDAs, mobile devices).
  • Knowledge of voice communication devices (VoIP) and other enterprise infrastructure.
  • Knowledge of incident/log monitoring and correlation platforms (e.g. SIEM, FIM and DAM tools).
  • Experience using a SIEM tool such as Client ArcSight or Splunk, a file integrity monitoring (FIM) tool such as Tripwire or Cimtrak, and a database activity monitoring (DAM) tool such as Imperva SecureSphere.
  • Escalate validated and confirmed incidents to the designated incident response team.
  • Notify the Client of incidents and the required mitigation work.
  • Fine-tune SIEM rules to reduce false positives and remove false negatives.
  • Collect global threat intelligence and internal threat information, then inject actions based on analysis and recommendations.
  • Proactively research and monitor security information to identify potential threats that may impact the organisation.
  • Develop and distribute information and alerts on required corrective actions to the organisation.
  • Learn new attack patterns and actively participate in security forums.
  • Work closely with Vulnerability Management and the designated incident response team.
  • Understand the structure and meaning of logs from different log sources such as firewalls, IDS, Windows domain controllers, Cisco appliances, AV and antimalware software, email security, etc.
  • Understand the subject of Carbon Black alarms.
  • Perform ad-hoc training for L1 analysis.
  • Perform threat Client research.
  • Ability to run and understand sandbox static analysis.
  • Open and update incidents in SecurityHQ (ITSM platform) to report triggered alarms or detected threats. For each incident on SecurityHQ, the analyst should properly include all details related to the logs, alarms and other indicators identified, in accordance with each client's intervention protocol and SLA.
  • Track and update incidents and requests based on the client's updates and analysis results.

Deadline: 09-06-2024
