CSIRT Associate Analyst
Eclaro

Salary: Agreement
Work form: Full time
Posting Date: 07/11/2025
Deadline: 08/12/2020

This job has expired.


Assignment Detail

Industry: Telecommunications

Job Description

CSIRT Associate Analyst

In support of our world leading position in Cyber Security, we support clients worldwide providing an Incident Response service; the Computer Emergency Response Team (CSIRT). The Company-offered service will consist of designated CSIRT Analysts, full time or as a shared resource, who will work with Company's security services teams and Customer's security and IT staff as well as users and other important stakeholders. The CSIRT Associate Analyst will be working within the incident management process in accordance with the procedures designed in cooperation with the Customer.

The CSIRT Associate Analyst is expected to have familiarity with the field of security incident response and a desire to learn. Successful candidates typically have a technical degree or 1-2 years of information security experience with a strong focus on Incident Response, as well as technical certifications to reinforce their practical experience. The CSIRT Associate Analyst has strong coordination, communication and collaboration skills as well as a good technical and architectural understanding. On a day-to-day basis the CSIRT Analyst will assist with identifying and responding to incidents as well as proactively propose improvements for how to reduce risk and potential future incidents.

Shift work will be required and shift assignments will be based on business needs.

Duties:

  • Utilize and adhere to defined workflow and processes driving the Incident Response Process and escalation/handoff actions
  • Receive and monitor incident information from Company managed security services and other sources
  • Review the collected incident data and confirm or reject incidents based on the analysis
  • Classify and prioritize incidents based on established criteria
  • Facilitate communication between stakeholders and senior members on the status of the incident
  • Coordinate the containment effort based on the available information and established processes
  • Leverage fundamental understanding of Operating Systems (Windows, Unix/Linux, and OSX) in support of identifying security incidents and to have a proper overview of risk profile
  • Execute analysis of email based threats, including understanding of email communications, platforms, headers, transactions, and identification of malicious tactics, techniques, and procedures
  • Utilize a variety of security tools and technologies to analyze potential threats to determine impact, scope, and recovery

Additional Duties:

  • Make containment decisions and facilitate decision making by other parties using the established escalation process
  • Communicate with the affected users and stakeholders to organize the containment effort
  • Verify the effectiveness of containment actions taken
  • Identify the attack vector used by the incident and take actions to confirm that similar incidents are prevented in the future
  • Validate the effectiveness of the eradication actions
  • Coordinate the recovery actions
  • Confirm that the recovery effort was successful
  • Confirm that all temporary containment efforts have been removed
  • Update stakeholders on the status of the recovery effort
  • Conduct a root cause analysis for the incident
  • Communicate the results of the root cause analysis to Customer and stakeholders to prevent similar incidents in the future
  • Analyze the incident response effort, with feedback from Customer and third parties. Identify and analyze any mistakes as well as good decisions made during the response process
  • Use the results of the analysis as an input for improvements, such as incident response SPOC in case of technical escalations.

Requirements:

  • Bachelor's degree in Computer Science or related field
  • Or 1-3 years' experience in security operations, risk management, operational management, and/or consultant management
  • Or a non-related Bachelor's degree and Security Certification(s)
  • Strong communication skills and ability to engage with customers at both technical and executive levels
  • Clear and concise written and oral English, including the ability to produce professional-level documentation
  • Strong problem-solving and security analytics skills; able to identify gaps in processes and recommend improvements for mitigation
  • Strong leadership skills and a proactive approach to customer issues
  • Ability to excel in high pressure environments

Preferred Skills:

  • Strong SIEM (Splunk) and log analytics skills
  • Security+ or Network+ Certification
  • SANS or other Security certifications, such as GCIA, GCIH, GREM, GPEN, CEH
  • CISSP Certification
  • ITIL Foundations training / certification
  • Knowledge of ISO 27001 requirements
  • Experience in Security Operation Centre (SOC) processes
  • Knowledge of common types of malware, their infection vectors, how to identify them using network and host based tools, how to eradicate them and verify the success of eradication efforts
  • Knowledge of current security threats and vulnerabilities, how to detect and mitigate them, ability to understand their possible consequences on the customer's environment
  • Understanding of modern technologies used to detect malware and vulnerabilities and protect assets
  • Understanding of modern network and cloud technologies
Monster

Other Info

Philippines
Permanent
Full-time


Eclaro

About the company

Eclaro jobs

Taguig, Metro Manila

