CSIRT ANALYST - CYBERSECURITY
Exciting new opportunity available in Houston, TX for a Cybersecurity Analyst (CSIRT) to work with a world leader in the gas industry.
The CYBERSECURITY Analyst (CSIRT - Computer Security Incident Response Team) is responsible for managing security incidents for an international group with offices in Paris, Houston, Radnor and Singapore. We are interested in strengthening the team in Houston by hiring additional technical Security incident talent.
The CSIRT - Computer Security Incident Response Team is responsible for
Security Incident Handling
Alert Qualification: a 1st level of qualification is done by the L1/L2 teams and advanced qualification is done by CSIRT analysts before generating the incident.
Investigation: Incidents are investigated by members of the CSIRT L3 in coordination with scope of incident. The CSIRT (Computer Security Incident Response Team) Analyst defines an action plan which aims to collect the artifacts needed on suspicious assets, replay binarie to extract the IOC, contact local teams of the group for obtaining additional information.
Remediation: The CSIRT (Computer Security Incident Response Team) Analyst defines the remediation action plan for a return to normal and pilot remediation actions with technical teams.
Writing Procedures
CSIRT (Computer Security Incident Response Team) procedures (SOP) or creat new ones, develop global playbooks, document the IT context of the inforamtion system, develop scripts and processes to automate activities
Sanitary Actions: Conduct actions to limit or eradicate inappropriate behaviors which are non malicious but generate false positives.
User Awareness: during qualification and incident handling, remind users of the group secruity policies and best practices.
Hunting: CSIRT Analysts identify weak signals with various tools i.e. SIEM, IDS, PROXY, EDR
Monitoring Optimization: CSIRT Analyst proposes evolutions to the monitoring rules and processes.
Requirements for the SECURITY ANALYST - CYBERSECURITY
MSC in the field of IT security
5-8 years of experience in security operations (at least 2 years in a CSIRT / CERT / SOC position)
Good knoweldge of traditional safety equipment (firewall, proxy, reverse proxy, VPN, etc.)
Understanding of the generated logs and security architectures
Good knowledge of security issues such as attacks, vulnerabilities, etc.
Good knoweldge of standard protocols (HTTP, FTP, DNS, SSL, etc)
Good knowledge of Windows, Linux architectures
Knoweldge of AWS security and/or industrial IT security would be a plus
Preferred skills:
Forensic analysis and analytics
Certification: GCIH, GCIA, GCFE, GCFA
Excellent communication skills
by via developer jobs - Stack Overflow
No comments:
Post a Comment