Security Operations Centre Analyst
5 days ago

Reference Tasks:

The following list of tasks applies to this reference profile. The list is not exhaustive and may evolve over time:

  • Real-time monitoring of cyber defense and intrusion detection systems
  • Automated processing (centralization, filtering and correlation) of security events
  • Human-based analysis of automatically correlated events
  • Processing of incoming warnings, alerts and reports
  • Categorize events, incidents and vulnerabilities based on relevance, exposure and impact
  • Maintain incident response address book
  • Provide support to incident responders
  • Advise affected users on appropriate course of action
  • Monitor open tickets for incidents / vulnerabilities from start to resolution
  • Escalate unresolved problems to higher levels of support, including the incident response and vulnerability mitigation teams
  • Configure the SIEM components for an optimal performance
  • Improve correlation rules to ensure that the monitoring policy allows efficient detection of potential incidents. For a new component to be monitored, this encompasses:
      • Analyzing risks and security policy requirements
      • Translating them into technical events targeting the system components
      • Identifying the required logs / files / artefacts to collect from the monitored system and, if necessary, possible complementary devices to deploy
      • Elaborating the relevant detection and correlation rules
      • Implementing these rules in the infrastructure
      • Configuring and tuning cyber-defense solutions
      • Reviewing and improving the monitoring policy on a regular basis
  • Produce qualified reports (including recommendations) or alerts to SOC customers and follow-up on actions
  • Contribute to the design of the overall monitoring architecture, working closely with both the customers / system owners and the security operations engineering team
  • Produce and maintain accurate and up-to-date technical documentation, including processes and procedures, related to security incidents and preventive maintenance procedures
  • Handle incidents, requests and problem tickets of customers or internal users.
  • During security incidents, implement detection means to monitor attacker activities in real-time
  • During security incidents, support the incident response team in the review / analysis of security logs.
  • Provide activity reports to management to demonstrate service SLA and service quality