Security Analyst (L1)
  • United Arab Emirates Abu Dhabi
  • Dicetek LLC
31.01.2024
NICE Framework category: Protect and Defend
Specialty area: Cyber Defense Analysis
Job Description

Security Analyst

As a Security Analyst (Tier 1), you will be responsible for monitoring in-house and client security alerts and incidents while working shifts.

Primary responsibilities include monitoring the SIEM platform and triaging alerts, working (8+1)-hour shifts to cover the 24/7 service.

Participating in threat-actor-based investigations, suggesting new detection methodologies and providing expert support to the alerting, incident response and monitoring functions.

Day-to-day operations involve SIEM monitoring, reporting and security incident handling.
  • 2+ years of related experience in information technology and/or information security preferred.
  • Experience with data analysis and centralized logging (Splunk, QRadar, ELK, Kafka, rsyslog, etc.).
  • Scripting and development skills (Bash, Perl, Python or Java) with strong knowledge of regular expressions.
  • Ability to develop use cases or additional detection capabilities in the SIEM query language; understanding of incident response.
  • Ability to analyze large data sets and unstructured data, manually or with tools, to identify trends and anomalies indicative of malicious activity.
  • Linux incident handling skills are a plus.
  • Knowledge of current security threats, techniques and landscape, and a genuine drive to research the current information security landscape.
  • Experience analyzing network protocols, firewalls, host and network IPS, Linux, virtualization and container technologies, databases and web servers.
  • Quick response.
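The requirements above ask for regular-expression skills, the ability to build detection use cases, and the ability to spot anomalies in log data. The following is an added example of what such a use case looks like in practice; it is not code from the job posting or from Dicetek. It parses constructed sshd log lines (hostname, PIDs and the RFC 5737 test addresses are made up), counts failed logins per source address in a sliding time window, and raises a medium alert when the count crosses a threshold and a high alert when a source that was already flagged goes on to log in successfully. The threshold, window and the assumed log year are illustrative choices, not values from the posting.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, NamedTuple

# Constructed sample in classic syslog/sshd format. Two sources: 203.0.113.7 brute-forces
# several accounts and then succeeds as root; 198.51.100.9 is a normal user with a typo.
SAMPLE_LOG = """\
Jan 31 09:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 31 09:00:03 bastion sshd[1203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jan 31 09:00:04 bastion sshd[1205]: Failed password for alice from 198.51.100.9 port 40110 ssh2
Jan 31 09:00:05 bastion sshd[1207]: Failed password for invalid user oracle from 203.0.113.7 port 51026 ssh2
Jan 31 09:00:07 bastion sshd[1209]: Failed password for invalid user test from 203.0.113.7 port 51028 ssh2
Jan 31 09:00:09 bastion sshd[1211]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jan 31 09:00:10 bastion sshd[1213]: Accepted publickey for alice from 198.51.100.9 port 40112 ssh2
Jan 31 09:00:12 bastion sshd[1215]: Failed password for invalid user guest from 203.0.113.7 port 51032 ssh2
Jan 31 09:00:15 bastion sshd[1217]: Accepted password for root from 203.0.113.7 port 51040 ssh2
Jan 31 09:00:16 bastion sshd[1219]: Connection closed by 203.0.113.7 port 51041 [preauth]
"""

# Syslog timestamps carry no year; assume one for parsing (assumption for this example).
LOG_YEAR = 2024

# Named groups pull out the fields a SIEM would normalize: timestamp, outcome, user, source IP.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password|Accepted (?:password|publickey)) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


@dataclass
class AuthEvent:
    ts: datetime
    event: str   # "Failed password", "Accepted password" or "Accepted publickey"
    user: str
    src: str

    @property
    def failed(self) -> bool:
        return self.event.startswith("Failed")


class Alert(NamedTuple):
    severity: str
    src: str
    reason: str


def parse_sshd(lines: Iterable[str]) -> List[AuthEvent]:
    """Turn raw sshd lines into events; lines that do not match (e.g. 'Connection closed') are skipped."""
    events = []
    for line in lines:
        m = SSHD_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append(AuthEvent(ts, m["event"], m["user"], m["src"]))
    return events


def detect_bruteforce(lines: Iterable[str], threshold: int = 5, window_s: int = 60) -> List[Alert]:
    """Sliding-window use case: >= threshold failures from one source within window_s seconds
    is a medium alert; a later successful login from a flagged source is a high alert."""
    recent_failures = defaultdict(deque)   # src -> timestamps of failures still inside the window
    flagged = set()
    alerts: List[Alert] = []
    for ev in parse_sshd(lines):
        q = recent_failures[ev.src]
        if ev.failed:
            q.append(ev.ts)
            # Drop failures that fell out of the window relative to the newest event.
            while q and (ev.ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ev.src not in flagged:
                flagged.add(ev.src)   # alert once per source, not on every further failure
                alerts.append(Alert("medium", ev.src, f"{len(q)} failed logins within {window_s}s"))
        elif ev.src in flagged:
            alerts.append(Alert("high", ev.src, f"successful login as {ev.user} after brute-force burst"))
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"[{a.severity}] {a.src}: {a.reason}")
```

The two knobs that decide whether this rule is useful or noisy are the threshold and the window: with the defaults the sample produces one medium and one high alert for 203.0.113.7 and nothing for the legitimate user, but shrinking the window to a few seconds makes the same burst disappear, which is the tuning trade-off a Tier 1 analyst is expected to reason about when proposing a new detection.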

Required Knowledge
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0042   Knowledge of incident response and handling methodologies.
  • K0180   Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • K0221   Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
  • K0324   Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Required Skills
  • S0020   Skill in developing and deploying signatures.
  • S0054   Skill in using incident handling methodologies.
  • S0057   Skill in using protocol analyzers.
  • S0096   Skill in reading and interpreting signatures (e.g., snort).
  • S0169   Skill in conducting trend analysis.
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0066  Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0159  Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).