SIEM Analyst, No H1B, OPT or CPT at Remote, Remote, USA
Email: [email protected]
From: Shikha, KPG99 [email protected]
Reply to: [email protected]

Hi,

Hope you are doing well. Please find the job description below and let me know your interest.

Position: SIEM Analyst, No H1B/OPT/CPT
Location: Remote
Duration: 6+ Months
MOI: Phone and Video

A Tier 2 SIEM Analyst provides visibility into the network, user, and application activities occurring in a customer environment. As the primary SIEM tool, IBM's QRadar provides the collection, normalization, correlation, and secure storage of events, flows, asset profiles, and vulnerabilities, and classifies suspected attacks and policy violations as offenses. In this role, you will be observing these details and making decisions on how to appropriately respond.

Role Function:
Utilize IBM Security QRadar and/or QRadar on Cloud (QRoC) to identify potential security events within client environments. Receive and investigate alerts daily, determining their relevance and urgency. Escalate or perform triage to ensure that a genuine security incident is addressed with urgency.

Performing Security Operations Center activities in the following areas:
- Analysis of customer events and offenses in the QRadar console
- QRadar deployment, administration, architecture, and design
- Cyber threat intelligence review and analysis
- Review of EDR, NDR, and next-gen firewall alerts and logging criteria in a SOC
- SOAR experience in deployment, architecture, and design
- Playbook design and editing
- Workflow process creation
- Alert review, triage, and incident response

Requisite Skills and Knowledge:
Security operations analyst/engineer with at least 3 years' experience in security operations, with emphasis on, but not limited to, the following technical criteria:
- Security orchestration, automation, and response with playbook/workflow/process design and implementation
- QRadar administration and use-case development
- Familiarity with cybersecurity tools from the perspective of responding to and mitigating risk from within a formalized security operations center environment, such as Network/Endpoint/Extended Detection and Response (NDR/EDR/XDR)
- Interpretation of raw network traffic (e.g., packet capture) and determining whether activity is legitimate
- Network monitoring, log management, and log analysis from a variety of network sensors to investigate suspect network activity
- Assist in operating all technical security systems and their corresponding or associated user/analyst interfaces, including web proxy filtering systems, host- and client-based firewalls, intrusion detection/prevention systems, endpoint security systems, anti-malware, and anti-virus software to monitor network activity
- Conducting investigations, malware analysis, and preparation of comprehensive reports, with timely escalations to Network or Security Engineering for review
- Remain informed on trends and issues in the security industry, including current and emerging technologies
- Understanding the function of Web Application Firewall (WAF), Next Generation Firewall (NGFW), Intrusion Detection and Prevention Systems (IDPS), and other network security tools
- Knowledge of SOC tools such as VirusTotal, various sandboxes, and various malware analysis tools
- Knowledge of TCP/IP networking: network topology, protocols, and services
- Advanced knowledge of Microsoft and Linux operating systems
- General understanding of computer networking technologies, protocols, and topologies
- Understanding of Digital Forensics and Incident Response (DFIR)
- Experience in tracking key metrics to facilitate and report on strategic security operations functions that impact overall business continuity
- Utilization of security frameworks such as NIST, CIS, and MITRE ATT&CK

Duties and Responsibilities:
- Provide situational awareness of cyber activity to LRS customers, escalating events identified in QRadar
- Monitor, prioritize, and escalate events for triage
- Correlate event data from multiple sources and sensors
- Review large amounts of log data (e.g., firewall, network flows, IDS, and system logs)
- Categorize, prioritize, and normalize event information following incident response playbooks to determine if a security incident is taking place
- Create incident reports, send notifications, update documentation, and collect metrics regarding cyber security activities
- Coordinate with junior and senior SIEM Analysts, IT Operations, customers, or other team members
- Submit or contribute to after-action reports and support post-incident follow-up activities as needed
- Apply critical thinking in understanding new and emerging threats
- Assist with the analysis of specific threats to support the development of new use cases and rule sets to detect, report, log, track, and escalate security events

Requirements:
- Bachelor's degree or equivalent work experience/certifications
- 5+ years in cybersecurity roles

Desired Experience and Education:
- Analyst/engineer experience with QRadar or other SIEM products such as Splunk, LogRhythm, Exabeam, etc.
- Current security certifications: Security+, CEH, OSCP, etc.
- Python/PowerShell or similar coding relevant to cybersecurity skill sets
- Experience leading meetings and presentations for management and executive-level personnel

Keywords: information technology
Sat Sep 16 01:11:00 UTC 2023