Lead Security Analyst (L3)
  • United Arab Emirates Abu Dhabi
  • Dicetek LLC
31.01.2024
Protect and Defend
Incident Response
Job Description

Lead Security Analyst
  • 10+ years of related experience in information technology and/or information security preferred.
  • Experience with data analysis and centralized logging (Splunk, QRadar, ELK, Kafka, Rsyslog, etc.).
  • Scripting and development skills (Bash, Perl, Python or Java) with strong knowledge of regular expressions.
  • Capability to develop use cases or additional detection capabilities in the SIEM query language; understanding of incident response.
  • Skill in analyzing large data sets and unstructured data, manually or using tools, to identify trends and anomalies indicative of malicious activity.
  • Knowledge of current security threats, techniques and landscape, and a dedicated desire to research the current information security landscape.
  • Cloud security experience and certifications would be ideal.
  • Certifications such as SANS, Splunk, ELK, Big Data or vendor-specific certifications preferred.
  • Experience with networking protocols, firewalls, host and network IPS, Linux, virtualization and container technologies, databases, and web servers.


Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • K0034   Knowledge of network services and protocols interactions that provide network communications.
  • K0041   Knowledge of incident categories, incident responses, and timelines for responses.
  • K0042   Knowledge of incident response and handling methodologies.
  • K0046   Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  • K0058   Knowledge of network traffic analysis methods.
  • K0062   Knowledge of packet-level analysis.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0161   Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • K0162   Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • K0221   Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
  • K0259   Knowledge of malware analysis concepts and methodologies.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0565   Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Required Skills
  • S0079   Skill in protecting a network against malware (e.g., NIPS, anti-malware, restricting/preventing external devices, spam filters).
  • S0080   Skill in performing damage assessments.
  • S0173   Skill in using security event correlation tools.

Required Abilities
  • A0121   Ability to design incident response for cloud service models.
  • A0128   Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.