SOC Analyst L2 (Cyber Security Engineer/ Information Security)
JSAN
- București
- Permanent
- Full-time
- SIEM configuration/tuning
- EDR configuration/tuning
- Resources onboarding
- Correlation rule creation
- Security Alert Triage
- Security Incident Response
- Security reporting
- Documentation (SOPs, improving standards, etc.)
- Ability to work autonomously as well as contribute within a team in a professional environment
- Ability to effectively manage multiple, concurrent activities, while understanding and managing priorities, dependencies, and risk
- Strong communication (verbal and written) and interpersonal skills
- Strong focus on customer service and outcomes
- Strong in resource coordination, planning, and organizing
- Proven ability to adapt and maintain a flexible approach to changing needs or priorities
- Strong reporting and analytical skills with attention to details
- Strong problem-solving skills with the ability to resolve complex technical issues
- High level of initiative and self-motivation
- ITIL Foundation (nice to have, not essential)
- GCIH
- Splunk certified
- Monitoring the SIEMs
- Monitoring and managing the EDR
- Minimum five years of experience working in a SOC, preferably with an SI, MSP or vendor
- Engaging with other relevant technical groups, including service desk personnel and system engineers, to facilitate data collection and provide information relevant to supporting related capabilities
- Understanding SIEM output in the context of the environment, escalating incidents appropriately and providing meaningful reporting
- Experience with the relevant technologies and domains, including system logging and log auditing
- Proven experience in developing and enhancing SOC runbooks
- Proven experience in case management and ensuring cases are resolved within the required SLA
- Advanced configuration and tuning of Splunk, ArcSight, QRadar, etc.
- Use case creation and tuning, log onboarding
- Customizing use cases
- System Logging
- Firewalls
- Web Gateway
- EDR – Microsoft, Proofpoint, McAfee, CrowdStrike
- PAM
- PKI
- Deception
- Vulnerability Management
- Citrix
- AWS & Private Cloud hosted technology landscape
- Working in Classified environments
- Service desk tools
- IDAM (identity and access management)
- Incident response tools (TheHive, Resilient)
- Security controls at different layers (defence in depth)
- Email gateway – analysing malicious email (O365, Exchange, Zimbra)
- Work within a company with a solid track record of success
- Join a well-known brand within IT Infrastructure / Blockchain / Cloud Computing
- Excellent career development opportunities