Security Operation Analyst

Employment Type: Full time, Regular, Hybrid work arrangement

Roles and Responsibilities

Primary Duties

• Ready to work in 24/7 shift timings.
• Excellent communication (written and oral) and interpersonal skills
• Monitor security systems and networks for suspicious activity.
• Validating alert triggered by security information and event management (SIEM) tools.
• Triage events and investigate to identify security incidents.
• Investigate security incidents and determine their severity.
• Contribute to incident response, maintaining relevant communication and information in emails, ticket summaries, analysis and reporting.
• Escalate security incidents to the next level for further investigation.
• Make recommendations for ongoing tuning and updates to the SIEM system.
• Creating/update workflow in alert triage.
• Participate in security audits and compliance reviews.
• Keep up with the latest security threats and trends.
• Perform incident response using AVEVA defined Security Incident Response framework such as NIST.
• Provide regular reports to management on the state of the organization's security.
• Reports to Digital Forensic and Incident Response Manager concerning security events, incident trends, residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.

Additional Duties

• Under the guidance of Digital Forensic and Incident Response Manager:
• Assist with control improvements to identify control weaknesses and contributes to vulnerability advisories.
• Participates in security investigations and compliance reviews, as requested by internal or external auditors.
• Assisting with audit finding remediation, action plans. track progress and provide status updates to the enterprise compliance team for reporting purposes.
• Maintain awareness of applicable regulatory standards, upstream risks, and industry leading security practices.
• Provide feedback and recommendations on existing and new security tools and techniques for the improvement of analysis, incident investigation and security controls.

Qualifications/Experience

Educational Qualifications

• Minimum of 18 months experience as SOC Analyst or Incident Response or Security Operations Centre role.
• Bachelor's degree in information systems or equivalent work experience in relevant information and cyber security domain.
• Microsoft SC200 Certification.
• Security certification from a recognised organisation such as ISC2, CompTIA, ECCouncil, SANS Institute is as advantage.

Technical Competency and Experience

• Excellent technical knowledge of Microsoft Operating Systems. Knowledge and experience of Linux and Macintosh.
• Extensive knowledge in SIEM monitoring and level 1 triage.
• Experience of Microsoft Defender and Sentinel.
• Technical knowledge of:
• Network traffic and protocol analysis of security events from network devices, firewalls, intrusion detection and prevention systems
• Endpoint Detection and Response solutions
• Endpoint protection and anti-malware solutions
• Identity and access management (IAM) systems
• User access control monitoring systems
• Email and phishing protection
• Security Threat Hunting
• Forensic evidence handling
• Cloud security, such as Azure or AWS
• Awareness of the Mitre ATT&CK framework and how it can be used to learn an adversarys tactics and techniques and focus incident response.
• Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
• Knowledge and experience in developing and documenting security processes and plans.
• Experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST) or Centre for Internet Security (CIS) frameworks.

Desired competencies & behaviours

• Strong analytical thinking skills with strong written and verbal communication and a good attention to detail.
• Ability to manage complex tasks with minimal supervision in team situation and communicate effectively with broad range of individuals.
• A strong internal client focus, with the ability to manage expectations appropriately, to provide a superior internal client experience and build long-term relationships.
• Passionate about security, with a keenness to develop own skills and knowledge outside of working environment.
• Confident in recording and presenting key findings and conclusions to different levels of the business.