Responsibilities:

• Perform analysis of logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify potential threats.
• Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources.
• Participate in continuous active threat hunting across the environment, to include reacting to technical alerts as well as proactively searching for trends or areas of interest, working with peers to resolve any potential threats in a timely manner.
• Contribute to information security process improvement including recommendations for tuning of rules to reduce false positives.
• Actively contribute to vulnerability reviews, including the coordination of required fixes/changes where necessary.
• Act as a SME for the organization’s file sharing platform, to include resolving access issues and applying patches/upgrades when available.
• Work with Security Information and Event Management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts.
• Correlate network, cloud and endpoint activity across environments to identify attacks and unauthorized use.
• Tier 2 support for web proxy to include timely and effective troubleshooting and implementation of fixes.
• Research emerging threats and vulnerabilities to aid in the identification of incidents.
• Assist with creating and developing playbooks for managing security events.
• Maintain quality of service by following organizational standards.
• Understand the organization’s mission, values, operations, goals, risks and risk tolerance.
• Contribute to team effort by supporting peers and accomplishing related results as needed.
• Recognize problems by identifying abnormalities and reporting security violations.
• Maintain technical knowledge by attending training courses, educational workshops where required.

Required:

• Minimum 3 years’ experience in a similar role is required, to include analyzing network and host-based security events.
• Good, demonstrable understanding of malware analysis, intrusion detection, and threat intelligence.
• Proven ability to work independently and collaboratively as part of a global team.
• Ability to work on own initiative with minimal to no supervision and adapt to changing environments with ease.
• Strong understanding of web proxies and experience with troubleshooting performance issues.
• Knowledge of network systems and security protocols.
• Experience with attacker tactics, techniques and procedures.
• Knowledge of security software programs and implementation.
• Basic knowledge of best practices in developing security procedures and infrastructure.
• Experience with file sharing platforms and applying patches/upgrades.
• Strong analytical and problem solving skills.
• Consistent attention to detail and follow up skills.
• Strong team player with proven ability to self-manage in a pressured environment and whilst dealing with competing priorities.
• Excellent communication, interpersonal and consultative skills.
• Ability to interface with, and gain the respect of, stakeholders at all levels and roles in the organization.