Senior Analyst, Cyber

Presidio

  • Dublin
  • Permanent
  • Full-time
  • 14 hours ago
Description: Presidio, Where Teamwork and Innovation Shape the Future
At Presidio, we’re at the forefront of a global technology revolution, transforming industries through cutting-edge digital solutions and next-generation AI. We empower businesses—and their customers—to achieve more through innovation, automation, and intelligent insights.
The Role
The Senior Security Operations Centre (SOC) Analyst assists in deploying, maintaining, tuning, monitoring, and managing security tools related to the Security Operations Centre. The Senior SOC analyst will function as a Level 2 analyst, and act as a mentor to other members of the team.
The Tier 2 SOC analyst will review alerts from Level 1 analysts and network security devices, security information and event management and other tools as needed, work with other analysts to collect, correlate, and analyse security-relevant data, and respond to threats in a timely manner. This position reports to the SOC team lead.
Responsibilities include:
  • Determine and direct security incident investigation, remediation and recovery efforts.
  • Perform Advanced Persistent Threat correlation between multiple security event sources such as firewall logs, threat intelligence feeds, AV, IDS, IPS, and EDR solutions.
  • Maintain current knowledge of emerging security threats and relevant regulatory requirements, utilizing the latest threat intelligence—such as indicators of compromise and updated detection rules—to identify impacted systems and assess the extent of security incidents.
  • Propose and implement new detection use cases.
  • Review and fine tune false positive incidents.
  • Conduct research of client network traffic and system activity looking for security anomalies and suspicious activities.
  • Monitoring and management of SIEM and vulnerability management infrastructure.
  • Review and assess the severity of vulnerabilities, accurately assign appropriate priorities, and propose an effective remediation plan.
  • Review and implement efficient vulnerability detection strategies
  • Assist with the development of incident response plans, workflows, and Standard Operating Procedures.
  • Continuously assess and document current state of security monitoring tools and recommend enhancements to SOC security process, procedures, and policies.
  • Help the customer review and interpret security assessments.
  • Hold weekly customer calls to review service KPIs, record meeting notes, and report to the team lead.
  • Adhere to strict change management process.
  • Prepare and evaluate monthly reports, including comprehensive analysis.
  • Monitor the service ticket board to ensure tickets are managed and responded to in accordance with the Service Level Agreement (SLA), and consistently perform timely ticket management tasks.
  • Offer constructive feedback and help automate standardised tasks, along with troubleshooting scripts used to enhance internal operational processes.
  • Participate in on-call rotation for after-hours service coverage.
  • Other responsibilities and additional duties as assigned by the security management team.
  • Offer guidance and support to junior members of the Security Operations Centre team.
Required Skills and Professional Experience
  • 3+ years of experience working in a Security Operations Centre, utilising Security Incident & Event Management (SIEM) systems to correlate events across multiple devices, with proven ability to review and assess vulnerabilities using vulnerability management platforms.
  • Proficient knowledge in incident detection and response tools
  • Knowledge of network and server security products, technologies, and protocols
  • Good understanding of network security tools such as Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS), firewalls, and network packet capture tools.
  • Requires background in at least 2 of the following domains: security analysis and investigations, ethical hacking, incident response, forensics analysis, security engineering, security automation, threat hunting
  • Mandatory experience with SIEM technology (preferably IBM QRadar and Microsoft Sentinel) and a vulnerability management platform (preferably Qualys).
  • Desired experience with EDR technologies, preferably Sophos or Defender for Endpoint.
  • Desired experience with scripting tools (bash, python)
  • Familiarity with security devices such as firewalls and IPS/IDS systems, as well as networking concepts related to routing and switching.
  • Security certifications: CISSP, CISM, GIAC certs, CEH, CompTIA Security+, etc.
Your future at Presidio
Joining Presidio means stepping into a culture of trailblazers—thinkers, builders, and collaborators—who push the boundaries of what’s possible. With our expertise in AI-driven analytics, cloud solutions, cybersecurity, and next-gen infrastructure, we enable businesses to stay ahead in an ever-evolving digital world.
Here, your impact is real. Whether you're harnessing the power of Generative AI, architecting resilient digital ecosystems, or driving data-driven transformation, you’ll be part of a team that is shaping the future.
Ready to innovate? Let’s redefine what’s next—together.
About Presidio
At Presidio, speed and quality meet technology and innovation. Presidio is a trusted ally for organizations across industries with a decades-long history of building traditional IT foundations and deep expertise in AI and automation, security, networking, digital transformation, and cloud computing. Presidio fills gaps, removes hurdles, optimizes costs, and reduces risk. Presidio’s expert technical team develops custom applications, provides managed services, enables actionable data insights and builds forward-thinking solutions that drive strategic outcomes for clients globally. For more information, visit www.presidio.com.
Presidio is committed to hiring the most qualified candidates to join our amazing culture. We aim to attract and hire top talent from all backgrounds, including underrepresented and marginalized communities. We encourage women, people of color, people with disabilities, and veterans to apply for open roles at Presidio. Diversity of skills and thought is a key component to our business success.
Recruitment Agencies, Please Note: Presidio does not accept unsolicited agency resumes/CVs. Do not forward resumes/CVs to our careers email address, Presidio employees or any other means. Presidio is not responsible for any fees related to unsolicited resumes/CVs.
