Cyber Security Intelligence Specialist

We are seeking a highly skilled and experienced individual to fill the role of Cyber Security Intelligence Specialist.

The successful candidate will be responsible for ensuring the protection of digital assets, identifying security incidents, and providing incident response services to customers.

This involves monitoring and responding to security events from managed customer security systems on a 24x7 basis. The Cyber Security Intelligence Specialist will be alert and aggressive in filtering out suspicious activity and mitigating risks before any incident occurs.

The ideal candidate will have exposure to security technologies including firewalls, intrusion detection/prevention systems, logging, monitoring, and vulnerability management. They should understand network security practices and prioritize excellent customer service while solving problems.

• Incident Response: Remediate serious attacks escalated from Tier 1, assess the scope of the attack, and affected systems, and collect data for further analysis.
• Proactive Threat Hunting: Review vulnerability assessments (CVEs) on monitored assets, focus on deep dives into datasets to understand what's happening during and after attacks.
• Monitoring and Escalation: Monitor security events from various SOC entry channels, escalate to managed service support teams, tier 3 information security specialists, and/or customer as appropriate to perform further investigation and resolution.
• Team Leadership: Work as a Team lead for the Cyber Security Intelligence Specialists, ensuring corporate data and technology platform components are safeguarded from known threats.
• Root Cause Analysis: Analyze events & incidents and identify the root cause.
• SIEM Maintenance: Assist in keeping the SIEM platform up to date and contribute to security strategies as new threats emerge.
• Staying Up-to-Date: Stay current with emerging security threats, applicable regulatory security requirements, and bring enhancements to SOC security process, procedures, and policies.
• Documentation: Document and maintain customer build documents, security procedures, and processes.
• Reviewing Incident Reports: Review critical incident reports and scheduled weekly & monthly reports, ensuring they are technically and grammatically accurate.
• Continuous Learning: Keep updated with new threats, vulnerabilities, create/contribute to use cases, threat hunting, etc.

Required Skills and Qualifications:

• Min 1-3 Years' Experience as Cyber Security Intelligence Specialist – (Experience in SIEM Tool ELK & Wazuh preferable)
• Process and Procedure Adherence
• General Network Knowledge and TCP/IP Troubleshooting
• Endpoint Tracing: Ability to trace down an endpoint on the network, based on ticket information
• System Log Information: Familiarity with system log information and what it means
• Network Services: Understanding of common network services (web, mail, DNS, authentication)
• Host-Based Firewalls: Knowledge of host-based firewalls, Anti-Malware, HIDS
• Network Device Functions: Understanding of common network device functions (firewall, IPS/IDS, NAC)
• Desktop OS and Server OS: General knowledge of Desktop OS and Server OS
• TCP/IP, Internet Routing, UNIX / LINUX & Windows
• Excellent Communication Skills: Excellent written and verbal communication skills

Skills:

• Event or Log Analytical Skills: Excellent event or log analytical skills
• IT Security Monitoring Experience: Proven experience as IT Security Monitoring or similar role
• Organizing and Time-Management Skills: Exceptional organizing and time-management skills
• Communication Abilities: Very good communication abilities
• SIEM Management Skills: ELK, Wazuh, Splunk, ArcSight SIEM management skills
• Reporting