
Threat Detection Analyst
Location:
US-NY-New York
Jobcode:
3605179

Responsibilities:
- Maintain and tune high-fidelity, low-noise alerts to effectively identify and prioritize critical issues, minimize false positives, and enhance the overall security posture.
- Develop and maintain high-quality threat detection rules, queries, and alerts based on identified use cases, threat scenarios, and structured threat intelligence.
- Use predictive analytics to counter threats by tracking attack campaigns and pursuing strategic and tactical efforts to mitigate threats.
- Enhance detection capabilities, develop contextualized alerts, and improve overall security posture by developing innovative ways to detect threats and anomalous behavior, leveraging host, network, and data logs and detection tools.
- Monitor, identify, consolidate, and match current technical security threats.
- Report on threats on a daily basis.
- Provide analysis to help protect against advanced threats.
- Continuously research and stay up to date with the latest cyber threats, attack vectors, and methodologies to improve detection capabilities through development and tuning of security use cases that enhance detection of active threats.
- Monitor and respond to web application firewall alerts.
- Search existing security alerts for indications of malicious activity.
- Conduct regular reviews and assessments of detection rules and automated workflows to ensure optimal performance, effectiveness, and accuracy.
- Participate in incident response activities and provide subject matter expertise when required.

Qualifications:
Demonstrates expert technical skills needed to defend the enterprise environment, such as:
- 5+ years of information security related experience in areas such as security operations, incident analysis, incident handling, vulnerability management or testing, system patching, log analysis, intrusion detection, or security device administration.
- Proficiency in SIEM tools (e.g., Splunk), including rule creation, query writing, and alert management.
- In-depth packet analysis skills, core forensic familiarity, incident response skills, and data fusion skills based on multiple security data sources.
- Scripting and automation.
- System administration on Unix, Linux, or Windows.
- Network forensics, logging, and event management.
- Defensive network infrastructure (operations or engineering).
- Vulnerability assessment and penetration testing concepts.
- Malware analysis concepts, techniques, and reverse engineering.
- In-depth knowledge of network and host security technologies and products (such as firewalls, network IDS, scanners), with continuous improvement of these skills.
- Familiarity with common cybersecurity frameworks such as NIST, other leading practices, and industry standards.
- Relevant security certifications such as CISSP, GCIH, GCIA, or similar are highly desirable.

Demonstrates behavioral skills, such as:
- Strong analytical and problem-solving skills, with the ability to identify and prioritize critical issues.
- Excellent written and verbal communication skills, with the ability to clearly explain complex security concepts to both technical and non-technical audiences.
- Ability to lead content discussion around incident investigation efforts and effectively coordinate communications.
- Demonstrated ability to work in a team environment, and to train and coach other team members.
- Strong logical thinking abilities, especially with content logic.
- Excellent analytical and problem-solving abilities.
- Excellent organization and attention to detail in tracking activities within various Security Operations workflows.
- Well-established client-focused communication skills: the ability to read, review, investigate, and summarize reports on complex issues in a manner that can be understood by non-technical readers.

Sage IT INC
