Our client is looking to expand the Oporto team with a new SIEM Manager.
About our client
Our client is a well-known technology solutions provider with about 20 years in the IT business. They intend to implement a new SIEM solution and are looking for a manager for this team.
This role will ensure best practice implementation and operations of network security solutions, policies and emerging technology. You will ensure that all technologies are operationally ready and that the network security, SOC and NOC teams are enabled to execute on capabilities.
- Scrutinize and provide corrective analysis to escalated cybersecurity events from Tier 2 analysts.
- Proactively provide in-depth cybersecurity analysis and trending/correlation of large data sets, such as logs, event and system data, and alerts from diverse network devices and applications within the enterprise, to identify and troubleshoot specific cybersecurity incidents.
- Conduct security tool/application tuning engagements to develop/adjust rules and analyze/develop related response procedures.
- Responsible for deploying SIEM solution to customers.
- Creating scripts using Regex and other scripting languages.
- Identify and ingest IOCs into network security tools/applications.
- Quality-proof technical advisories and assessments prior to release from SOC.
- Report common and repeat problems to SOC management and propose process and technical improvements.
- Formulate technical best-practice SOPs and Runbooks for SOC Analysts.
- Respond to inbound requests via phone and other electronic means for technical assistance and resolve problems independently.
- Coordinate escalations with the Incident Response Lead and collaborate with internal technology teams to ensure timely resolution of issues.
- BS in Information Security or equivalent work experience, plus relevant certifications, required.
- Five years of demonstrated operational experience as a cybersecurity analyst/engineer handling cybersecurity incidents and response in critical environments, and/or equivalent knowledge in areas such as technical incident handling and analysis, intrusion detection, log analysis, penetration testing, and vulnerability management.
- Must have 5+ years of hands-on experience with REGEX rules and scripting.
- In-depth understanding of current cybersecurity threats, attacks and countermeasures.
- In-depth hands-on experience analyzing and responding to security events and incidents with most of the following technologies and/or techniques: Leading SIEM technologies; IDS/IPS; Network- and host-based firewalls; NAC; DLP; Database activity monitoring; Web and email content filtering; Vulnerability scanning tools, etc.
- Strong knowledge of TCP/IP protocols, services, and networking.
- Adept at proactively searching for, soliciting, and analyzing in detail threat intelligence from open-source resources and external entities, in order to identify cybersecurity threats not previously ingested into network security tools/applications and derive countermeasures.
- Strong communication, interpersonal, organizational, oral, and customer service skills.
- Excellent ability to multi-task, prioritize, and manage time and tasks effectively.
- Ability to work effectively in stressful situations.
- Strong attention to detail.
- Young and dynamic corporate culture
- Employee benefit package
- Opportunity to advance skills through technical certifications and internal training programs
Apply through the website.