Monitor the organization’s cybersecurity state, handle incidents during cyber-attacks and assure the continued operations of Centelon systems. Monitors and assesses systems cybersecurity state. Analyze, evaluates and mitigates the impact of Cybersecurity incidents. Identify the root cause and malicious actors. According to Incident Response Plan, restores systems and processes functionalities to an operational state, collecting evidence and documenting actions taken.
Main Tasks:
· Develop, implement and assess procedures related to incident handling
· Identify, analyze, mitigate and communicate cybersecurity incidents
· Contribute to the development, maintenance and assessment of the Incident Response Plan
· Assess and manage technical vulnerabilities
· Measure cybersecurity incidents detection and response effectiveness
· Evaluate the resilience of the cybersecurity controls and mitigation actions taken after a cybersecurity or data breach incident
· Adopt and develop incident handling testing techniques
· Establish procedures for incident results analysis and incident handling reporting
· Document incident results analysis and incident handling actions
· Cooperate with key personnel for reporting of security incidents according to applicable legal framework
· Collaborate within a 24×7 security operations team
· Monitor the Security Information and Event Management System (SIEM) and oversee security incidents and events
· Conduct daily security analysis, scanning, and risk assessments for potential threats and vulnerabilities
· Proactively research and comprehend emerging threats, vulnerabilities, and exploits
· Provide actionable security recommendations to enhance the CLIENT Environment’s security posture
· Adhere to departmental policies, processes, and standard operating procedures for consistent and controlled work execution
· Create and manage security incident tickets through to closure
· Monitor critical assets and logs while coordinating with various teams for incident response and remediation activities
Key Skills:
· Practice all technical, functional and operational aspects of cybersecurity incident handling and response
· Collect, analyze and correlate cyber threat information originating from multiple sources
· Work on operating systems, servers, clouds and relevant infrastructures
· Work under pressure, Communicate, present and report to relevant stakeholders
· Manage and analyze log files
Key knowledge:
· Incident handling standards, methodologies, frameworks, recommendations, best practices, tools and communication procedures
· Operating systems and networks security
· Cyber threats and attack procedures
· Computer systems vulnerabilities
· Cybersecurity related laws, regulations and legislations
· Secure Operation Centers (SOCs) operation
Good to Have:
· Candidate must have at least 4 – 8 years of experience working for SOC team. Good knowledge of Various Security Technologies
· Candidate must be a graduate of any degree
· Experience in major operating systems (Windows, Mac & Linux)
· Solid foundational understanding of networking concepts (TCP/IP, LAN/WAN, Internet, network topologies)
· Understanding of current trends in attacker and threat actor tools, techniques, and procedures mitigation steps
· Basic malware analysis, endpoint analysis, Phishing alerts analysis experience
· Experience with Security Information and Event Management (SIEM) tools
· Experience in event monitoring, correlation, event analysis, investigation and remediation of security events.
· Experience in managing multiple SOC customers.
· Proven Knowledge and expertise in SOC administration tasks including troubleshooting of various cybersecurity tools and components
· Information security certifications, Professional Security certification is a plus (SSCP, GSEC, CIHE, GCIH, CEH, GPEN or equivalent)
· Good to Have PenTest Handson and relevant certification.