Threat Specialist

Why SoftwareOne? Can you imagine this?: More than 400 Tech Experts in 11 countries build and operate the systems that run SoftwareOne. They deliver 24/7 support through different time zones and work in a hybrid Multi-Cloud environment (AWS, Azure). Our global BIT team is leading the SoftwareOne's internal transformation by rethinking traditional IT and business operations, while driving innovation and productivity for its thousand's employees worldwide. #driventodeliver #thousandsstrong #allinone Business Engineer | Business Domain Vendor & Publisher team: Business IT / internal IT of SoftwareOne | pensum: full time The role In a nutshell : Role Description Threat Specialist, Level 2, works within the CDC (Cyber Defence Centre) and is responsible for the monitoring of systems, investigating root causes, and coordinating with Level 1 and 3 Analysts / engineers for analysis and response. Also will deliver strong Incident response capabilities, oversight of technical controls and assist with continual service improvement. The Threat Specialist works using log data as well as many security tools, and ticketing systems. Roles and Responsibilities: Monitor alerts automatically generated by security systems -SIEM Monitor threats and new attack techniques being disclosed in the wild Investigate events to determine if they are true events or false positives Create new ways to search for potentially suspicious events on systems Participate in projects to improve security monitoring toolkits as well as to improve defensive controls Provide different types of data to measure security and compliance Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. Isolate and remove malware. Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings). Notify designated managers, cyber incident responders and articulate the event's history, status, and potential impact for further action in accordance with the organization's incident response plan. Work with stakeholders to resolve computer security incidents and vulnerability compliance. What we need to see from you Required knowledge: Computer networking concepts and protocols, and network security methodologies. Cyber threats and vulnerabilities. Authentication, authorization, and access control methods. Incident response and handling methodologies. Network traffic analysis methods. Key concepts in security management Good understanding of security concepts on networks, Window, Linux, web applications. Ability to multi-task under strict deadlines. Professional and interpersonal skills. Systems security testing and evaluation methods. Network mapping and recreating network topologies. Packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). Operating system command-line tools. Required Skills and Experience: Skill in using incident handling methodologies. Skill in collecting data from a variety of cyber defence resources. Skill in recognizing and categorizing types of vulnerabilities and associated attacks. Skill in performing packet-level analysis. Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning). Experience in conducting trend analysis. Experience analysing malware. Experience conducting vulnerability scans and recognize vulnerabilities in security systems. Experience detecting host and network-based intrusions using intrusion detection technologies. Experience to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute). Experience with SIEM (e.g. RSA Netwitness, IBM QRadar, Splunk, Arcsight) Candidate profile Experience/ Qualifications: 4 to 7 years of relevant experience. Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field. Relevant Security Certifications preferred (Security+, CEH, GCIH ). Good oral and written communication skills to collaborate with the team. Should be willing to work in rotational 24/7 shifts Job Function Business IT

Required knowledge: Computer networking concepts and protocols, and network security methodologies. Cyber threats and vulnerabilities. Authentication, authorization, and access control methods. Incident response and handling methodologies. Network traffic analysis methods. Key concepts in security management Good understanding of security concepts on networks, Window, Linux, web applications. Ability to multi-task under strict deadlines. Professional and interpersonal skills. Systems security testing and evaluation methods. Network mapping and recreating network topologies. Packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). Operating system command-line tools. Required Skills and Experience: Skill in using incident handling methodologies. Skill in collecting data from a variety of cyber defence resources. Skill in recognizing and categorizing types of vulnerabilities and associated attacks. Skill in performing packet-level analysis. Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning). Experience in conducting trend analysis. Experience analysing malware. Experience conducting vulnerability scans and recognize vulnerabilities in security systems. Experience detecting host and network-based intrusions using intrusion detection technologies. Experience to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute). Experience with SIEM (e.g. RSA Netwitness, IBM QRadar, Splunk, Arcsight) Candidate profile Experience/ Qualifications: 4 to 7 years of relevant experience. Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field. Relevant Security Certifications preferred (Security+, CEH, GCIH ). Good oral and written communication skills to collaborate with the team. Should be willing to work in rotational 24/7 shifts

In a nutshell : Role Description Threat Specialist, Level 2, works within the CDC (Cyber Defence Centre) and is responsible for the monitoring of systems, investigating root causes, and coordinating with Level 1 and 3 Analysts / engineers for analysis and response. Also will deliver strong Incident response capabilities, oversight of technical controls and assist with continual service improvement. The Threat Specialist works using log data as well as many security tools, and ticketing systems. Roles and Responsibilities: Monitor alerts automatically generated by security systems -SIEM Monitor threats and new attack techniques being disclosed in the wild Investigate events to determine if they are true events or false positives Create new ways to search for potentially suspicious events on systems Participate in projects to improve security monitoring toolkits as well as to improve defensive controls Provide different types of data to measure security and compliance Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities. Isolate and remove malware. Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings). Notify designated managers, cyber incident responders and articulate the event's history, status, and potential impact for further action in accordance with the organization's incident response plan. Work with stakeholders to resolve computer security incidents and vulnerability compliance.