Cyber Defense Analyst (L2/L3)

Overview

Responsibilities

• Monitor multiple security technologies, such as IDS/IPS, Firewalls, Switches, VPNs, and other security threat data sources.
• Correlate and analyze events using SIEM tools to detect security incidents.
• Create, follow and present detailed operational process and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents.
• Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
• Respond in a timely manner (within documented SLA) to support, investigate, and other cases.
• Document actions in cases to effectively communicate information internally and to customers.
• Resolve problems independently and understand escalation procedure.
• Maintain a high degree of awareness of current threat landscape and cybersecurity intelligence.
• Spread the cybersecurity intelligence across the team of analysts and engage in threat hunting activities.
• Lead delivery, and support others in the delivery, of knowledge sharing with analysts and writing technical articles for Internal knowledge bases, blog posts and reports as requested.
• Perform other essential duties as assigned.
• Analysis of log files, includes forensic analysis of system resource access.
• Create, follow and present customer reports to ensure quality, accuracy, and value to clients.
• Creation of new content (Use Cases, Queries, Reports) within the SIEM platform.
• Education and training of other analysts in use and operation of SIEM platform.
• On-site work with clients as required.
• Engage with client Incident Response team as required.
• Generate cybersecurity Threat Intelligence reports.

Qualifications

• 2-5 years of experience in cybersecurity, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, threat intelligence/hunting or digital forensics.
• Bachelor’s/Master’s Degree in Cybersecurity, Computer Science, Information Systems, Electrical Engineering, or a closely related degree.
• An active interest and passion in cybersecurity, incident detection, network, and systems security.
• A sound knowledge of IT security best practices, common attack types and detection / prevention methods.
• Demonstrable experience of analyzing and interpreting system, security, and application logs.
• Knowledge of the type of events that both Firewalls, IDS/IPS and other security related devices produce.
• Experience in using Splunk as an analyst for Threat and Incident Detection is required.
• Experience with ArcSight, LogRhythm, QRadar, is preferable but not mandatory.
• Strong understanding of Cyber Kill Chain and MITRE ATT&CK frameworks and techniques.
• Solid understanding of TCP/IP and network concepts and principles.
• Possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS.
• Professional certificates are highly preferred (e.g., CCIE, OSCP, CISSP, GSEC, GCIA, GCIH, GMON, GREM, GDAT, GCFE…etc.).
• An experienced Analyst who aspires to be a leader, and is committed to learning the principles of leadership and the role of a leader.
• Outstanding organizational skills.
• Exclusive focus and vast experience in IT.
• Very good communication skills.
• Strong analytical and problem-solving skills.
• A motivated, self-managed, individual who can demonstrate exceptional analytical skills and work professionally with peers and customers even under pressure.
• Strong written and verbal skills.
• Strong interpersonal skills with the ability to collaborate well with others.
• Ability to speak and write in English is required; Ability to speak and write in both English and Arabic is preferred.
• Well-versed in developing content for SIEM (creating, fine tuning) use cases and rules.
• Experience with automation tools (SOAR) is preferred.
• Experience in Malware Analysis / Reverse Engineering is preferred.

Benefits

• Health insurance with one of the leading global providers for medical insurance.
• Career progression and growth through challenging projects and work.
• Employee engagement activities throughout the year.
• Tailored training & development program.

About Us