Senior Security Analyst (L2)
  • United Arab Emirates Abu Dhabi
  • Dicetek LLC
1 year before
31.01.2024
Protect and Defend
Incident Response
Job Description

Senior Security Analyst

As a Senior Security Analyst (Tier 2) you will be responsible for monitoring in-house and client security alerts/incidents while working shifts.

Primary responsibilities include participating in various incident investigations, creating new detection methodologies and providing expert support to alerting, incident response and monitoring functions.

Day-to-day operations involve SIEM monitoring, reporting and security incident handling.

Responsibilities

Working in shifts to cover 24/7 service with (8+1) hour work shifts.

Coordinating and conducting event collection, log management, event management, compliance automation and identity monitoring activities using SIEM technologies.

Requirements

5+ years of related experience in information technology and/or information security preferred.

Experience with data analysis and centralized logging (Splunk, QRadar, ELK, Kafka, rsyslog, etc.).

Scripting and development skills (Bash, Perl, Python or Java) with strong knowledge of regular expressions.

Cloud Security, SANS Trainings and GIAC Certifications preferred.

Offensive Security certifications such as OSCP, OSCE, etc.

Vendor certifications (Splunk, ELK Stack, big data frameworks) preferred.

Ability to develop use cases and additional detection capabilities in the SIEM query language, and an understanding of incident response.

Ability to analyze large data sets and unstructured data, manually or using tools, to identify trends and anomalies indicative of malicious activity.

Linux incident handling skills preferred.

Knowledge of current security threats, techniques and landscape, and a demonstrated interest in researching the current information security landscape.

Experience in analyzing networking protocols, firewalls, host and network IPS, Linux, virtualization and container technologies, databases and web servers.


Quick response

Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0041   Knowledge of incident categories, incident responses, and timelines for responses.
  • K0042   Knowledge of incident response and handling methodologies.
  • K0058   Knowledge of network traffic analysis methods.
  • K0161   Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • K0177   Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • K0230   Knowledge of cloud service models and how those models can limit incident response.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0565   Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Required Skills
  • S0003   Skill of identifying, capturing, containing, and reporting malware.
  • S0077   Skill in securing network communications.
  • S0079   Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
  • S0365   Skill to design incident response for cloud service models.

Required Abilities
  • A0121  Ability to design incident response for cloud service models.
  • A0128  Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.