Security Operations Center Analyst L1/L2
We are hiring an L1 SOC Analyst in Qatar, on behalf of the Digital arm of a global corporation, offering Cybersecurity services to a high-profile Oil & Gas client.
The SOC Analyst will be dedicated to the company’s Enterprise IT Global Security Services team that provides cybersecurity services & solutions to its Plants & Distribution Centers and equally to the company’s customers.
Principal Relationships:
Internal: Cybersecurity Connected Services Hub, local cybersecurity site leaders in Plants & DCs, Enterprise IT
External: Customers
Responsibilities
To validate the Incidents reported by SOC operators
To identify any incidents missed by SOC operators
To interact with external parties to resolve queries relating to raised incidents
To maintain OT specific incident response procedures / playbooks
To work with the team on continuous SIEM tuning to reduce false-positive alerts, engaging directly with the Customer SOC team to review logs and alerts and reduce alert fatigue
To provide a complete Root Cause Analysis (RCA) for all true-positive security incidents within the defined SLA
To work directly with related teams on developing use cases, monitoring log-source health, on-boarding, and fine-tuning use cases leveraging MITRE ATT&CK for ICS
To continuously conduct threat hunting based on TTPs, threat patterns, and threat intelligence feeds
To develop and maintain knowledge base of alerts, incidents, and mitigation steps
To ensure forensic reports and evidence are in a format that can be used and supported in a court of law for judicial purposes
To implement and enhance the defined metrics, dashboards, and reports as required
To perform vulnerability scans if requested by the Customer, consolidate the reports, and share mitigation steps with stakeholders
Work with the CCSH manager or SOC Manager to successfully implement the Security solutions.
Credentials
7-10 years of experience in OT / Industrial Control Systems (ICS)
7-10 years of experience as a SOC Analyst
Writing skills to communicate and prepare reports/information effectively to customers & Project Managers
Interpersonal skills, to help negotiate customer priorities and to resolve conflicts among project stakeholders
SIEM Tools Experience: LogRhythm (must), Arcsight, QRadar, Splunk
EDR Experience: Azure Sentinel, Microsoft Defender, CrowdStrike, Palo Alto EDR
Vulnerability Management: Nessus, Nmap, OpenVAS, QualysGuard
Tools: Wireshark, FTK, Python, Office suite
Investigation skills & industrial architecture knowledge: log and PCAP (packet capture) analysis, network forensics, industrial architecture and industrial protocol knowledge
System Knowledge: Linux CLI (Command Line) & Windows
Ticketing Tools: ServiceNow, Jira Service Desk, BMC Remedy
Qualifications
Bachelor’s Degree in a computer-related field, plus two or more of the following certifications:
Certifications
ISA/IEC 62443 - Cybersecurity Fundamentals Specialist, Risk Assessment Specialist, Design Specialist, Maintenance Specialist
ISA99 or IC32-34 related OT certification
Global Industrial Cyber Security Professional (GICSP)
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)
Competencies
Independent, self-sufficient, able to work alone without direct supervision
Capable of taking full responsibility for executing tasks, sometimes at remote locations
Confident in customer project environment
Able to show initiative, make quick decisions, and follow through to a conclusion
How To Apply
To Learn More And To Apply Visit The Following Link
Security Operations Center Analyst L1/L2 is Needed for EmiraTalent in Qatar