SOC Analyst

Employer:Etisalat Misr
Job Title: SOC Analyst
Job Type: Full Time
Location: Cairo
Category: IT/Software Development , Engineering – Telecom/Technology
Description:

JOB PURPOSE:

  • Handles security incident escalations.
  • Communicates directly with data asset owners and business response plan owners during high severity incidents.
  • Hunts for suspicious anomalous activity based on data alerts or data outputs from various toolsets.
  • Assists continuous improvement of processes and works with other teams to improve alerts and rules in the incident monitoring systems.

KEY ACCOUNTABILITIES:

  • Performs in-depth analysis and triage of security threat activities to confirm whether the reported incident is a real incident or a false positive.
  • Thinks critically and creatively while analyzing security events, network traffic, and logs.
  • Identifies incident root cause and takes proactive mitigation steps.
  • Takes an active part in the containment of incidents by engaging with concerned teams step by step to provide the best way to contain the incident.
  • Gives the best scenarios to contain the incident with the minimum side effects.
  • Gives recommendations to concerned teams to close the incident with proper actions.
  • Communicates directly with data asset owners and business response plan owners during high severity incidents.
  • Follows detailed operational processes and procedures to respond appropriately to incidents.
  • Communicates with the owners to remove any obstacle that stands in front of the IR team's required steps.
  • Assists continuous improvement of processes and works internally within the team and with other teams to improve alerts and rules in the incident monitoring systems:
      • Enhances and fine-tunes SIEM rules to identify more security incidents and reduce false positive alarms.
      • Assesses the current security controls and gives best recommendations to concerned teams based on the number of incidents per control.
      • Builds the required use cases to detect more sophisticated attacks.
      • Builds an IR plan for each use case to match best practice.
  • Hunts for suspicious anomalous activity based on data alerts or data outputs from various toolsets:
      • Reviews security events that are populated in a Security Information and Event Management (SIEM) system.
      • Conducts further investigation of alerts to identify the tactics, techniques and procedures used by the attacker to gain and maintain access in the network.
      • Explores worldwide threats against the IT/Communication business and maps these techniques to Etisalat network behavior.
      • Reviews global threat intelligence, investigates and provides Indicators of Compromise (IOCs), and converts intelligence into useful detections.
Qualifications:

Essential

  • University Degree: BSc in Communication Engineering, Computer Engineering or Computer Science.
  • Familiarity with the risk management framework NIST 800-37.
  • Familiarity with security controls as described in NIST 800-35.
  • Experience with analysis and inspection of log information, packets, and other security tool output from a variety of sources.
  • Excellent analytical and problem-solving skills.
  • Knowledge of packet capture and analysis.
  • Strong interpersonal skills to interact with team members and upper management.
  • Strong collaborative skills.
  • Self-discipline to work according to playbook and time requirements.
  • Passion for cyber security and staying up to date with current threats, tools and techniques.
  • Willingness to learn new security technologies, products, and incident analysis and response approaches.
  • Excellent written and oral communication skills.
  • Hands-on experience with some or all of the following is preferred:
      • Windows, Linux and Cisco operating systems.
      • NetFlow and full packet capture technology.
      • Intrusion Detection Systems (IDS) and SIEM technologies.
      • Firewalls, antivirus and other similar network security tools.
  • Fundamental understanding of:
      • Information security and Network Security Monitoring.
      • Computer networking (TCP/IP).
      • Cyber Security Incident Response, client-side and server-side attack chains, and modern malware threats.
  • Knowledge of and experience with scripting and programming (Python, Perl, etc.) is highly preferred.
  • Ability to prioritize tasks.

Experience:

Essential

  • Minimum of 2 years' experience.
  • Area of experience: information security.

Desirable

  • 3-5 years' experience.
  • Area of experience: information security.

CERTIFICATIONS / CREDENTIALS / MEMBERSHIPS / LICENSES:

Essential:

  • Security training on information security solutions.
  • Various security certificates from common security vendors.
Experience: 2 to 5 years
Salary: Confidential