Pracuj.pl | On-site | Mid-level

SOC Analyst Security Operations Centre Analyst

Vector Synergy Sp. z o. o.

The Hague, Netherlands

Job description

Our requirements:
- Experience as a Security Operations Centre Analyst
- Minimum 1 year of experience using, configuring, and tuning a security information and event management (SIEM) tool, ideally Splunk and/or ArcSight
- Experience with a log management solution such as HP ArcSight Logger, Splunk, or equivalent
- Experience writing and optimizing IDS signatures (preferably Snort and/or Suricata)
- Knowledge of network security solutions and technologies, such as:
  - Firewalls
  - Network intrusion detection systems (IDS)
  - Intrusion prevention systems (IPS)
- Knowledge of host-based security solutions, such as:
  - Host-based intrusion prevention systems (HIPS)
  - Malware endpoint protection
  - Operating system logs
- Good knowledge of MS Windows security event analysis
- Good knowledge of security analysis of firewall, proxy, and IDS logs
- Excellent analytical and critical thinking skills
- Very good interpersonal skills, with the ability to work well both independently and in a team
- High degree of commitment and flexibility
- High level of customer and service orientation
- Ability to work effectively in an international and multicultural environment
- Readiness to work in a 24/7 shift mode
- Very good communication skills in English, both spoken and written

Nice to have:
- Experience writing and optimizing YARA rules
About the project:
- End client: Europol
- Location: The Hague (relocation required)
- Required security clearance: EU Secret level
- Estimated project start: in 6 months

Responsibilities:
- Acting as the first line of response to a potential cyber-attack or security incident, supported by automated tools such as IDS, log correlation engines, SIEM, and a ticketing system, as well as alerts and warnings from internal and external sources
- Receiving, triaging, and responding to alerts, requests, and reports
- Analysing events and potential incidents
- Providing primary support to Incident Responders
- Assessing whether a reported security incident, or the level of exposure of a vulnerability, is a true or false positive; tagging the incident or vulnerability with an initial severity classification; and activating the corresponding incident response playbook entry
- Following pre-defined procedures to perform technical tasks related to identity and access management (IAM)