Security Services Analyst L1
  • Belfast, United Kingdom
  • SilverSky
31.12.2023
Protect and Defend
Cyber Defense Analysis
Job Description

At SilverSky we believe that every organization, regardless of size, deserves an enterprise-class cybersecurity program. We deliver world leading products and services for Managed Detection & Response, Endpoint Protection, Vulnerability Management, Email Protection, Security Device Management, Professional Services, Incident Response, and Security Partnerships.

We've built a strong team of high performing security experts and support staff, and we're constantly looking for new talent in our global sites - Raleigh (US), Belfast (UK), and Manila (AP). Our goal is to be the #1 customer focused organization in the cyber security industry, by continually delivering demonstrable customer security value through all of our partnerships, products, and services.

Requirement Overview

We're currently recruiting for roles in our Security Operations Centre (SOC) for a Level 1 (L1) Security Services (SES) analyst. SES Analysts in SilverSky operate at the front lines of cyber security, actively reviewing and analyzing data to identify potential threats to our customers worldwide. They also work directly with customers on meeting their cyber needs during onboarding and beyond. The best candidates are confident, quick learners and possess a clear passion for the security industry.

Applicants should have 2+ years' experience in cyber security or related disciplines, ideally within security operations directly.

The role is based on core hours in the specified location, supporting our Global SOC customers. Shift and night work are not required, but some limited on-call cover may be expected.

Primary Responsibilities

Configuring, tuning and managing a selection of industry-leading SIEMs and other security technologies
Supporting the goals and outcomes of a global SOC operation
Actively engaging with customers on routine and high-priority queries and analyses
Proactively analysing event data to adapt and improve current detection coverage
Supporting customers in onboarding and orientation to SOC services
Working with internal and external partner teams with customer outcomes at the core
Operating within a team of subject matter experts for vulnerability, patch and endpoint management

Education And Experience

Degree in a relevant technical discipline, OR
Relevant Industry certifications (Security+, CEH, GIAC, etc.), OR
Commensurate technical industry experience

Required Skills And Competencies

Willingness to learn new skills and proactively drive self-education
Good verbal and written communication skills, and the ability to work well with a team spread across multiple locations
Ability to work in a team environment, to work under pressure and to show flexibility
Broad understanding & familiarity with networking concepts & protocols (TCP/IP, UDP, DNS, DHCP, HTTP, etc.)
Broad understanding & familiarity with Operating System fundamentals (Windows or Linux)
Broad understanding & experience with fundamental cyber security concepts, such as types of cyber-attacks and why attackers perform them
Previous experience in a relevant security technical role, such as a SOC or equivalent security operation
Previous experience with security detection technologies such as SIEMs, vulnerability management or endpoint management

Desired Skills And Competencies

Experience in a customer facing security role
Experience in scripting, automation and software development
Experience in incident response
Commensurate relevant experience may be accepted in place of missed criteria.
There is no expectation of travel in this role
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0046   Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0111   Knowledge of network tools (e.g., ping, traceroute, nslookup).
  • K0160   Knowledge of the common attack vectors on the network layer.
  • K0177   Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0221   Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
  • K0301   Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • K0324   Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Required Skills
  • S0025   Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
  • S0054   Skill in using incident handling methodologies.
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0128  Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.