Senior Security Analyst

Job Purpose

Operational

• Follow response procedures and other CIC related SOPs based on the incident impact analysis & predetermined response actions procedures Manage the communication of policies & guidelines and monitor the compliance CIC operations to the cyber-security policies & guidelines.
• Work closely with security analysts to get direct feedback about new, unknown suspicious behaviour
• Handle escalated incident from security analyst to conduct deep investigations.
• Gain knowledge of existing policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of ENOC information assets
• Conduct malware analysis using run-time analysis, comparative analysis, and reverse engineering tools
• Conduct digital forensics and deep investigations and evidence handling in line with best practices
• Preform threat hunting, discovery and exploration to identify threats that pass traditional detection tools.
• Perform proactive research to identify and characterize new emerging threats, vulnerabilities, and risks.
• Review and align priority, severity and classification of security incidents
• Develop metrics, reporting and documentation on frequency, impact, and types of incidents.
• Collaborate on the investigation of incidents, containment, remediation and root cause analysis
• Collaborate and conduct research to design and implement new security technology, update existing strategies, improve process and create additional documentation.
• Develop techniques and processes to identify anomalous behavioral patterns.
• Collect contextual information and pursue technical root cause analysis & attack method analysis
• Identify gaps, take ownership of tasks and become a contributor to projects related to CIC as needed.
• Advocate security best practices, strategy, architecture, and assist in security design consultations.
• Apply strategic and tactical responses in challenging environments with heterogeneous systems.
• Provide functional support and content development and improvements for the SIEM and other security technologies used by CIC.
• Participate in Development and implementation of new correlation rules and use-cases in SIEM and enhance the monitoring and detection capabilities of the CIC to integrate SIEM with other monitoring tools with appropriate scripting knowledge skills
• Coordinate with internal and external stakeholders to handle cyber incidents as per approved SOPs and management directions
• Participate in closing identified security audit points.
• Periodically report on IT security status, security systems efficiency, and recommended improvements to management.
• Should be on-call 24 hours per day to respond to cyber security emergences