Security Monitoring & Response SUPPORT Analyst
Update day: 16-11-2025
Location: Brussels Brussels Capital
Category: IT - Software IT - Hardware / Networking Information Technology Executive management
Industry: Consultancy and business services
Job type: Full-time, Temporary
Job content
Description:
The mission is: to enable sound and formal information security risk decision making by bank management, and to help with implementing a proper information security management system.
The Information Security Strategy of our organization commits to delivering on four objectives:
1) Enable the extended enterprise;
2) Counter cybercrime;
3) Protect our information systems;
4) Manage security risks.
Providing the following services:
Proactive - support & intelligence to help prepare and secure bank systems in anticipation of cyber-attacks where threat management ensures collection, assessment and sharing of threat information.
Reactive - triggered by a request / incident / event identified by an intrusion detection system or reported by a human.
To support those services, the client is looking for a Security Monitoring & Response Analyst to perform security monitoring, incident response, digital forensics and threat hunting activities.
You will carry the following responsibilities:
Security Monitoring
Monitor SIEM, EDR, Data Analytics Platforms and DLP solutions for alerts triggered by pre-defined detection use cases;
Investigate and qualify those alerts for further handling;
Provide feedback to engineering team for fine-tuning of detection use cases;
Develop runbooks for handling of security monitoring alerts.
Incident Response & Digital Forensics
Drive the handling of security incidents by defining and assigning response actions to IT personnel and following-up on their execution;
For severe incidents, steer and coordinate an ad hoc incident response team to contain, mitigate, eradicate and restore;
Perform Digital Forensics on a wide range of assets, but particularly on Windows systems;
Develop reaction plans for handling of security incidents.
Threat Hunting
Retroactively hunt for potential compromises and other security issues, based on new threat intelligence, gathered by our Threat Analysts.
Threat Collection and Analysis
Routinely collect the cyber threat intelligence information using Group CTI platform.
Execute threat analysis: Identify impacted assets, develop threat scenarios, define a ‘kill chain’, i.e. step-by-step analysis of the attack, prioritize threats.
Identify existing or missing counter-measures (controls & reaction plans) i.e. mapping to bank specificity: enterprise architecture, vulnerability status, latest incidents.
Operate and populate a threat knowledge management tool.
Generate reports and share with the relevant parties in the bank.
At least a first experience in information security, preferably within a SOC.
Profile
Good knowledge of IT security technology and processes (secure networking, web infrastructure, system security, security control point management, etc.);
Experience with reviewing alerts to determine relevancy and urgency by correlating different events and sources
Experience with detection and mitigation of phishing attacks
Experience managing incidents via ticketing systems such as HPSM and ServiceNow
Ability to clearly write documentation, procedures and knowledgebase articles
Experience with Use Case Development and Runbook creation
Familiar with networking concepts, configuration and components
Comfortable working in Windows and Linux based systems
Hands-on malware analysis skills
Knowledge of digital forensics practices for Windows systems
Experience with security incident management as a SPOC in a SOC or CSIRT environment, coordinating incidents towards technical and management teams
Knowledge of various IDS/IPS such as Cisco Sourcefire and Palo Alto
Knowledge of log aggregation, SIEM solutions and Digital Analytics Platforms such as Splunk, ArcSight, ELK
Experience working with EDR solutions like Tanium and McAfee
Experience with DDoS solutions and services such as Akamai and F5 WAF based application protections
Practical experience with Threat Hunting
Basic knowledge of Threat Modelling
Know how to interpret and analyse Threat Intelligence information and make it actionable via a CTI platform
Experience with DLP solutions like Symantec DLP
Knowledgeable about SOAR and automation techniques with Demisto or Cortex XSOAR
Basic Reverse Engineering skills
Bachelor/Master or equivalent by experience
Adhere to processes and procedures
Able to work in a rotating shift with on-call duties (24x7)
Can step up, take the lead and stand ground when needed
Must be a strong team player
Self-starter, pro-active attitude
Good verbal and written communication skills at different levels (to a group, towards technical people, end users, management)
Good analytical skills
Take ownership and be accountable for everything you do
Finish what you start
Autonomy, commitment and perseverance
Outstanding ability to work under stress in emergency situations
Attention to detail while seeing the bigger picture
Ability to learn on-the-job and perform knowledge sharing
Solid sense of integrity and identification with the mission
Desire for continuous improvement of the Cyber Defence capabilities
French
Good spoken & written (preferable)
Dutch
Good spoken & written (preferable)
English
Fluent spoken & written (mandatory)
Offer
Talent must be pampered. That is why we not only offer you a permanent contract of indefinite duration in exchange for your knowledge and commitment. We also act as your career planner and look for the best opportunities, training and growth opportunities for you. In addition to your competitive salary, you will receive a lot of fringe benefits (daily allowance, group and hospitalization insurance, company car, ...).
Are you a freelancer? Of course, you are also eligible and will receive a competitive rate.
Company info
Are you looking for an employer to guide your ICT skills in the right direction? Are you impatient to let your dynamism and ambition bear fruit in difficult projects? This is what we offer you at USG ICT, because we make the most of your knowledge and skills. Your mission: to carry out various missions and thus strengthen the results of our customers.
Freelancers are also welcome!
Deadline: 31-12-2025