Purpose of Role:

Worldwide leading Automotive Retail & Distributor is setting up a Security Platform as a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.

Job Role and Responsibilities:

• Responsible for Incident Response work that includes identifying attack vectors, providing malware removal strategies, backup, and restoration strategy, identifying IOCs, and compromised host isolation techniques.
• Responsible for Malware analytics & vulnerability assessments that assist in identifying and mitigating MiTM, Ransomware, and Heartbleed attacks, as well as perform vulnerability scans and penetration testing.
• Assists with ACL recommendations and router/switch/firewall configurations.
• Response to alerts from information security tools & reports, investigates, and resolves security incidents.
• The Security Analyst Tier 2 is responsible to educate and communicate security requirements and procedures to all users and new employees.
• identifying & coordination the information security incident process, including investigating or working with relevant teams to deal with the incidents, identify the root cause and amend policies when required.
• Document all incidents and create a clear narrative that supports their conclusions.
• Assist with the preparation of incident Reports.
• Utilize tools (e.g., Wireshark, Nmap, PCap, etc.) to identify and map devices on the network.
• Interface with field personnel to mitigate security incidents.
• Serve as the technical escalation point and mentor for lower-level analysts.
• Maintain detailed notes within Operational Management systems on all security issue resolution activities.
• Regularly communicate with customer IT teams to inform them of issues, help them remediate, and ensure that they continue to operate business as usual.
• Ensure that all Security Platform tickets are handled and resolved within SLAs (Service Level Agreements).

Threat Analysis:

• Monitor and analyze security events and alerts from multiple sources, including security information and event management software, network and host-based intrusion detection systems, firewall logs, and system logs (Windows and Unix), and databases.
• Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks.
• Research security trends, new methods, and techniques used in unauthorized access of data to pre-emptively eliminate the possibility of system breach.
• Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts.
• Maintain a strong awareness of the current threat landscape.

Investigation and Triaging: 

• Perform triage of incoming issues (assess the priority, determine risk).
• Coordinate with enterprise-wide cyber defines staff to correlate threat assessment data and validate network alerts.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities.
• The Security Analyst, Senior recommends and implements changes to enhance systems security and prevent unauthorized access.
• Open, track and close trouble tickets Interface with field personnel to mitigate security incidents.

Skills and Experience Required:

• 4+ year of experience working in a NOC or SOC
• 4+ year of Security Incident Response experience
• 4+ years of networking and/or security infrastructure installation deployment & upgrade experience
• Possession of Industry Certifications such as CISSP, Security +, Network +, CEH, RHCA,
• RHCE, MCSA, MCP, MCSE and knowledge of NISP /equivalent industry standard is preferred.
• 4+ year of technical security related experience
• 4+ year of experience of Command and Control (CnC), Indicator of Compromise (IoC),
• DDOS, Email Phishing, Brute Force Attacks, Event log analysis
• Experience in threat identification and response. In-depth security knowledge of various operating system flavors including but not limited to Linux, MacOS, Windows
• The individual will have an extensive knowledge and hands-on experience of Cloud and NextGen technologies including AWS Cloud Networking, Silver Peak SD-WAN,
• Checkpoint, Fortinet Firewalls.
• Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, penetration testing, or related areas
• Strong knowledge of as many of the following technologies: CSOC (Cyber Security Operations
• Centre), SIEM (Security information and event management), Routers, Switches, Firewalls, IDS, IPS, Anti-virus, TCP/IP, ARP, ICMP, DHCP, DNS, HTTP, SNMP

Preferred Qualifications: 

• Familiarity with tools such as Google Chronicle, Sentinel One, Proofpoint, Netskope, Intruder, ManageEngine, Security Scorecards, Last Pass
• Good conceptual understanding of and experience working with datacenter Firewalls.
• Good understanding of advanced networking principals and concepts, including in-depth knowledge of common protocols such as Ethernet, IP (v4 and v6), TCP, UDP, DNS, SMTP, and HTTPS.
• Fundamentals of the infrastructure include a core of Microsoft technologies across both the desktop and server estate, VMware and Hyper-V virtualization platforms, and enterprise hardware from vendors including Cisco, F5, Check Point, Fortinet, Avaya, Hitachi, HP, Dell, Brocade, and Oracle.

Education: 

• Minimum bachelors’ degree in Information Security, Computer Science, or another IT-related field. Exceptional candidates with proven experience in security/network operations will also be considered.

To apply for this role, select “Apply Here” and you will be taken to SkillsNow Platform.