Cyber Security Analyst
The Cyber Security Analyst provides a 24x7 eyes-on-glass service as part of a team of security analysts with some years of experience. The monitoring and identification tier is responsible for the real-time monitoring and identification of security incidents. Analysts staffed at Level 1 monitor the MDR Centre main channel event streams within the MDR Centre security information and event management (SIEM) platform and other MDR Centre tools. They identify suspicious activity, open an incident investigation and perform a preliminary investigation to validate the incident. If the incident is determined to be more complex and requires more time and/or deeper expertise to analyse, the Tier 1 Analyst will transfer the open investigation to Tier 2 for further analysis and escalation.
• Performs real-time monitoring of security alerts generated by various MDR tools deployed by True Digital.
• Investigates potential security incidents under the guidance of playbooks and procedures.
• Analyses and assesses security alerts.
• Validates, classifies and opens security incident cases or escalates to Level 2 analysts.
• Serves as a primary contact point for reporting potential security incidents.
• Documents security incidents as identified by the case management process.
• Provides feedback on enhancing the operations of the cyber security operations centre.
• Responds to security alerts generated within the SLA time window.
• Bachelor's degree in science or engineering is preferable.
• Analytical and problem-solving skills are required.
• Some working knowledge of operating SIEM solutions.
• Knowledge and/or experience with common security tools such as anti-virus, intrusion detection and firewalls are required.
• Knowledge and/or experience with Microsoft Windows and Linux operating systems is required.
• Knowledge and/or experience with network protocols such as TCP/IP, Syslog, DNS and NetFlow is required.
• Experience in networking or application development is preferred.
• Knowledge and/or experience with databases is preferred.
• Knowledge and/or experience with security vulnerability assessment tools is preferable.
• Good English communication, including conducting presentations and creating security incident reports, is required.
• Working experience in an MDR Centre, Security Operations Centre (SOC), Managed Security Service (MSS), or enterprise network environment.