Cyber Security Analyst

Position: Cyber Security Analyst

Job Description:

• • Monitoring of SIEM and other security solutions dashboards, as assigned.
• Handling incidents escalated by the L1/L2 team in 24x7 rotational shifts
• Carry out in-depth investigation and correlation and work with the stakeholders towards mitigation and closure of critical, high severity and other complex incidents.
• SIEM support activities which includes adhoc reporting and basic troubleshooting
• Coordinating with Security SMEs to build hunting rules and triggers, which focus on adversary activity within the ICS/OT domain.
• Minimize gaps in incident response and provide for comprehensive risk mitigation.
• Updating of incident response playbooks to cater for emerging threat scenarios and ensure response actions align with the best practices.
• Prepare reports, KPI dashboard for customers
• Liaise with stakeholders in relation to cyber security issues and provide future recommendations
• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
• Hands-on experience in network security technologies Such as SIEM (Azure Sentinel), Next Gen Firewalls, Proxy, IDS / IPS, DDOS, Antimalware protection, DNS Security, VPN Security, Cloud Firewalls (E.g., NSG)
• Working Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g; application of defense-in-depth).
• Should have working experience in Cloud platforms such as AWS or Azure or GCP
• Handle multiple competing priorities and high impact incidents/escalations
• Share learnings and best practices amongst team members including keeping internal knowledge databases updated
• SOC Team Shift Roster Management & Keep Security Operation Centre running 24x7.

Mandatory:

• 
  Data Analytics, Automation, API, Tableau, Power BI, Python
• Demonstrated success in assessing, identifying, and addressing cybersecurity risks in an industrial environment
• Strong knowledge OT security, SOC operations, application security, vulnerability management, data protection, infrastructure security and information security
• Network knowledge: architecture, components, firewall configuration/IP, VLAN, subnets, protocols (SMB, LDAP, DNS, DHCP, TCP, HTTP, UDP, NTP)
• Investigation skills: Logs and PCAP (Packet Capture) analysis, network Forensic, OS Forensic and SOC, SIEM based analysis
• Reporting skills: investigation reporting, incident resolution reporting
• Incident Ticketing process
• Tools: SIEM (MS Sentinel, Splunk etc)Nessus Scanner, S1 EDR, Markdown, Wireshark, Office suite or equivalent
• SOC, SIEM, NIDS, IPS platforms, NMS EDR, EFW
• Customer interaction & consultative skills

Good to Have :

• Systems: Linux, Windows administration, SCADA, PLC, HMI, DCS
• Certifications: IEC62443, CISSP, CCNA, CCNP..
• Industrial architecture, industrial protocol knowledge, IEC/NIST fr

Qualifications :

• 2 - 8 years IT/OT security, industrial cybersecurity and change management
• Bachelor's degree or equivalent work experience required
• Collaborative with ability to manage relationships across multiple functional areas & customers
• Excellent English mandatory