Junior Security Operations Analyst (REMOTE)
Updated: Jul 4
Client: United Nations
Location: Valencia, Spain or Remote
Application Deadline: 18th July 2021
To apply for this position, please send your resume at firstname.lastname@example.org and mention the job title that you are applying for.
IdealStaffs Consulting is looking for a Junior Security Operations Analyst to provide information and communication technology (ICT) services (including training) on an inter-organizational basis. The candidate must be flexible, able to work in a highly collaborative environment, prioritize across multiple competing tasks, and be able to complete tasks on time.
Under the direct supervision of the Lead, Cybersecurity Operations, and in close collaboration with the Information Security Services team members across clients and projects, the analyst performs the following duties:
Participate in a team of security operations engineers investigating alerts, anomalies, errors, intrusions, malware, etc., to identify the responsible party, determine remediation, and recommend security improvements
Monitor and investigate alerts using Microsoft security tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
Monitor and triage AWS security events and detections
Monitor and investigate alerts leveraging EDR solutions
Review security events that are populated in a Security Information and Event Management (SIEM) system
Analyse a variety of network- and host-based security appliance logs (firewalls, NIDS, HIDS, syslog, etc.) to determine the correct remediation actions and escalation paths for each incident
Follow precise analytical paths to determine the nature and extent of problems reported by tools, e-mails, alerts, etc.
Run vulnerability scans and review vulnerability assessment reports.
Manage and configure security monitoring tools
Open tickets and assign them to Tier II or other Security Operations teams after eliminating false positives;
Work in a 24x7 Security Operations Centre (SOC) environment;
Integrate and share information with other analysts and other teams
Determine remediation and recovery efforts.
Other duties as assigned
Knowledge and Skills
Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols
Deep knowledge of Microsoft security tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
Deep knowledge of cloud technologies (e.g. Azure, AWS and GCP)
Proven knowledge of monitoring AWS environments (IaaS, PaaS, SaaS)
Deep knowledge of SIEM tools such as Splunk, QRadar, ArcSight, Azure Sentinel and the ELK Stack
Knowledge of at least one EDR solution (Red Cloak, ATP, SentinelOne, CrowdStrike)
Knowledge of email security, network monitoring, and incident response
Excellent communication skills
Knowledge of Linux/Mac/Windows;
Programming skills (Python, Ruby, PHP, C, C#, Java, Perl, etc.)
Any one of the following certifications:
MCSE, CCNA, GCIH, CEH, GCFA or any SANS certification
Proven experience with Microsoft security tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
Proven experience in monitoring AWS environments (IaaS, PaaS, SaaS)
Proven experience supporting and monitoring endpoints with one of the following EDR solutions (ATP, CrowdStrike, Red Cloak, SentinelOne)
6 years of relevant experience in administration/support of one of the following services or technologies:
Active Directory Services
Perimeter network infrastructure (IPS/IDS/Firewalls)
Operating systems (Windows 2008, Windows 2012, Windows 10, Linux, Apple iOS)
Exchange /Domino/Email services
Active Directory Federation Services
Endpoint protection tools
SIEM/log management solutions
Two years’ experience providing analysis and trending of security log data from a large number of heterogeneous security devices
Extensive experience analysing Windows, Linux, database, application and web server logs
Experience in vulnerability management and security incident response activities.
Experience on an Incident Response team performing Tier I/II initial incident triage.