Security Analyst

ResponsibilitiesMonitor and analyse the organization's networks and systems on a daily basis to detect, identify, investigate, and mitigate potential threats.Identify anomalous behavior, recognize patterns of malicious activity, and take appropriate corrective action Follow detailed operational process and procedures to appropriately analyse, escalate, and assist in remediation of critical information security incidents.Correlate and analyse events using the Splunk/Log Rhythm SIEM tool to detect IT security incidents.Conduct analysis of log files, including forensic analysis of system resource access.Monitor multiple security technologies, such as SIEM, IDS/IPS, EDR, Firewalls, Switches, VPNs, and other security threat data sources.Respond to inbound requests via phone and other electronic means for technical assistance with managed services.Respond in a timely manner (within documented SLA) to support, threat, and other cases.Document actions in cases to effectively communicate information internally and to customers.Resolve problems independently and understand escalation procedure.Maintain a high degree of awareness of the current threat landscape.Perform other essential duties as assigned.Able to work in rotating shifts within a 24/7 operating environment.Qualifications & Skills3-5 years of experience in Security Operations, Incident response and monitoring , threat hunting etc.A Degree in Computer Science, Information Systems or equivalent.CCNA, CompTIA CySA+, CISSP, GCA, GCIA, GCIH, CEH, SIEM-specific certifications would be preferable.An active interest in internet security, incident detection, network and systems security.A sound knowledge of IT security best practices, common attack types and detection/prevention methods.Demonstrable experience of analysing and interpreting system, security, and application logs.Knowledge of the type of events that both Firewalls, IDS/IPS, and other security related devices produce.Experience in using SIEM tools such as Splunk & Log Rhythm.TCP/IP knowledge, networking, and security product experience.Knowledge of Cyber Kill Chain and MITRE ATT&CK frameworks.Possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.Ability to analyse data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents Strong analytical and problem-solving skills.Very good communication skills.Strong interpersonal skills with the ability to collaborate well with others.