Senior Security Operations Centre Analyst


Premium Job From AMV Global Ltd

Recruiter: AMV Global Ltd

Listed on: 30th April 2018

Location: Belgium

Salary/Rate: Competitive

Salary Notes: Competitive

Type: Contract

Start Date: ASAP


Senior Security Operations Centre Analyst

Competitive Salary

Long Term Contract

Belgium

Good English Language Mandatory

Skills & Experience:

- SOC Analyst and/or first-line incident responder

- Risk assessment methodologies: EBIOS, CRAMM, PILAR or equivalent

- STIX (Structured Threat Information Expression), with a particular focus on the following related standards:

  - CybOX (Cyber Observables)

  - CAPEC (Attack Patterns)

  - MAEC (Malware)

  - TAXII (Threat Information Exchange)

- Networking (TCP/IP, SNMP, DNS, Syslog-ng, etc.)

- Experience in using, configuring and tuning a SIEM

- Knowledge of network security solutions/technologies: firewalls, network IDS and IPS, switches and routers, APT detection solutions such as FireEye; DNS, DHCP, VPN; network forensics (full packet capture); traffic baselining analysis

- Knowledge of host-based security solutions: HIPS, malware endpoint protection, OS logs

- Strong knowledge of Windows security event analysis

- Strong knowledge of the security analysis of firewall, proxy and IDS logs

- Writing and optimising IDS signatures (preferably SNORT and/or SURICATA)

- Strong knowledge of the security analysis of application or middleware logs (Oracle, Apache, WebLogic)

- Writing and optimising YARA rules

Tools:

- SIEM (ArcSight ESM 6.x, QRadar, or equivalent)

- Log management solution (ArcSight Loggers and/or QRadar and/or Splunk, or equivalent)

- SNORT or SourceFire NGIPS, FireSIGHT

- Suricata/Stamus Networks

- ELK (Elasticsearch, Logstash & Kibana)

- FireEye EX, NX, AX, FX, HX, IX

- Check Point and Juniper firewalls

- Blue Coat proxies

Education/Certificates:

At least 1 certification in the field of incident handling:

- GCIH (GIAC Certified Incident Handler)

- GCIA (GIAC Certified Intrusion Analyst)

- ECIH (EC-Council Certified Incident Handler)

- CSIH (SEI Certified Computer Security Incident Handler)

- SCPO (SABSA Certified Security Operations & Service Management Practitioner)

Ref no: 321254-SEN-SECURE-OP-CA
