We're #hiring a new SOC SIEM Specialist in Utrecht, Utrecht. Apply today or share this post with your network.
Claremont Consulting’s Post
More Relevant Posts
-
#SIEM rules: if you don't follow them, your #SOC will be in trouble very soon:
1- Not fine-tuning the detection rules on a daily basis.
2- Not filtering out noisy logs at all.
3- Not exercising caution while filtering out logs.
4- Not ensuring proper sizing of storage.
5- Onboarding logs without planning.
6- Onboarding logs without parsing and field extraction.
7- Enabling out-of-the-box detection rules without proper understanding and customization.
8- Not hiring a skilled SIEM admin.
9- Not hiring skilled, dedicated detection engineers.
10- Not conducting the necessary health checks on all SIEM components periodically.
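The post above lists the failure modes without showing what the fix looks like in a pipeline. The following is an added example, not code from the original post or from any SIEM vendor: a minimal parse, filter, detect, health-check loop in plain Python. The log format, the host and account names, the IP addresses, the thresholds and the allowlisted scanner address are all constructed for illustration. It shows field extraction (rule 6), a noise filter that drops one precisely described benign pattern instead of a whole event class (rules 2 and 3), an out-of-the-box style brute-force rule customized with an allowlist and a success-after-failures escalation (rule 7), and a parse-failure ratio as a basic ingestion health check (rule 10).

```python
"""Toy SIEM pipeline: parse -> filter noise -> detect -> health check.

Added example; the log format, names, IPs and thresholds below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events in a simple key=value, syslog-like layout.
# 10.0.0.99 fails six times then succeeds; 10.0.0.200 is a (hypothetical)
# vulnerability scanner that also produces failed logons; last line is junk.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z host=DC01 EventID=4624 LogonType=3 TargetUserName=svc_backup IpAddress=10.0.0.5
2024-05-01T10:00:02Z host=DC01 EventID=4625 LogonType=3 TargetUserName=jsmith IpAddress=10.0.0.99 Status=0xC000006A
2024-05-01T10:00:03Z host=DC01 EventID=4625 LogonType=3 TargetUserName=jsmith IpAddress=10.0.0.99 Status=0xC000006A
2024-05-01T10:00:04Z host=DC01 EventID=4625 LogonType=3 TargetUserName=jsmith IpAddress=10.0.0.99 Status=0xC000006A
2024-05-01T10:00:05Z host=DC01 EventID=4625 LogonType=3 TargetUserName=jsmith IpAddress=10.0.0.99 Status=0xC000006A
2024-05-01T10:00:06Z host=DC01 EventID=4625 LogonType=3 TargetUserName=jsmith IpAddress=10.0.0.99 Status=0xC000006A
2024-05-01T10:00:07Z host=DC01 EventID=4625 LogonType=3 TargetUserName=jsmith IpAddress=10.0.0.99 Status=0xC000006A
2024-05-01T10:00:10Z host=DC01 EventID=4625 LogonType=3 TargetUserName=admin IpAddress=10.0.0.200 Status=0xC000006A
2024-05-01T10:00:11Z host=DC01 EventID=4625 LogonType=3 TargetUserName=admin IpAddress=10.0.0.200 Status=0xC000006A
2024-05-01T10:00:12Z host=DC01 EventID=4625 LogonType=3 TargetUserName=admin IpAddress=10.0.0.200 Status=0xC000006A
2024-05-01T10:00:13Z host=DC01 EventID=4625 LogonType=3 TargetUserName=admin IpAddress=10.0.0.200 Status=0xC000006A
2024-05-01T10:00:14Z host=DC01 EventID=4625 LogonType=3 TargetUserName=admin IpAddress=10.0.0.200 Status=0xC000006A
2024-05-01T10:00:15Z host=DC01 EventID=4625 LogonType=3 TargetUserName=admin IpAddress=10.0.0.200 Status=0xC000006A
2024-05-01T10:00:20Z host=DC01 EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=10.0.0.99
this line is garbage and will not parse
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<kv>(?:\w+=\S+\s*)+)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Rule 3: the filter names one benign pattern (account + source), not "all 4624".
NOISY_SERVICE_LOGONS = {("svc_backup", "10.0.0.5")}


def parse_events(text):
    """Rule 6: extract fields at ingest. Returns (events, unparsed_line_count)."""
    events, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1          # counted, not silently dropped (feeds health check)
            continue
        ev = dict(KV_RE.findall(m.group("kv")))
        ev["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return events, unparsed


def is_noise(ev):
    """Rule 2/3: drop only the known-benign service logon; never drop failures."""
    return (ev.get("EventID") == "4624" and ev.get("LogonType") == "3"
            and (ev.get("TargetUserName"), ev.get("IpAddress")) in NOISY_SERVICE_LOGONS)


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60), allowlist=frozenset()):
    """Rule 7: an OOTB-style rule (N failures per source in a window), customized with
    a source allowlist and escalation when a success follows the failures."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ev in events:
        ip = ev.get("IpAddress")
        if ev.get("EventID") == "4625":
            failures[ip].append(ev["ts"])
        elif ev.get("EventID") == "4624":
            successes[ip].append(ev["ts"])
    alerts = []
    for ip, stamps in failures.items():
        if ip in allowlist:
            continue
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            last_fail = stamps[-1]
            followed = any(t > last_fail for t in successes.get(ip, []))
            alerts.append({"ip": ip, "failures_in_window": best,
                           "severity": "high" if followed else "medium"})
    return alerts


def ingest_health(total_lines, unparsed, max_unparsed_ratio=0.05):
    """Rule 10: a parser that silently fails is a blind SIEM; track the ratio."""
    ratio = unparsed / total_lines if total_lines else 0.0
    return {"unparsed_ratio": round(ratio, 3), "healthy": ratio <= max_unparsed_ratio}


def run(text=SAMPLE_LOGS, allowlist=frozenset({"10.0.0.200"})):
    events, unparsed = parse_events(text)
    kept = [ev for ev in events if not is_noise(ev)]
    return {"parsed": len(events), "dropped_as_noise": len(events) - len(kept),
            "alerts": detect_bruteforce(kept, allowlist=allowlist),
            "health": ingest_health(len(events) + unparsed, unparsed)}


if __name__ == "__main__":
    import json
    print(json.dumps(run(), indent=2, default=str))
```

Run it with and without the scanner allowlist to see the false positive the customization removes; the one junk line pushes the unparsed ratio over 5%, which is the kind of signal a periodic health check should raise before anyone notices that a whole source stopped parsing.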
-
To be a professional SOC analyst and investigator, you must develop and master a combination of technical, professional, and presentation skills. Thus you can use the categories below and their items as your assessment metrics to track your improvement progress.
#Technical_skills
1- Network Security: understanding of network protocols (TCP/IP, HTTP, DNS, etc.); knowledge of network devices (routers, switches, firewalls, proxies, WAF and email gateway)
2- Endpoint Security: knowledge of antivirus and anti-malware solutions; understanding of endpoint detection and response (EDR) tools
3- Threat Intelligence: ability to analyze threat intelligence feeds; understanding of IOCs & IOAs
4- Incident Response: skills in digital forensics and incident response (DFIR); experience with incident handling methodology and its phases
5- Log Analysis: proficiency in analyzing logs from various sources (FWs, IDS/IPS, SIEM)
6- Vulnerability Management: knowledge of vulnerability assessment tools (Nessus, OpenVAS, Qualys)
7- Security Information and Event Management (SIEM): experience with SIEM platforms (ArcSight, QRadar, Splunk)
8- Scripting and Automation: skills in scripting languages (Python, PowerShell, Bash)
9- Operating Systems: deep knowledge of Windows and Linux
#Professional_Skills
1- Analytical Thinking: strong problem-solving skills; the ability to think critically and make decisions under pressure
2- Attention to Detail: precision in analyzing data and identifying anomalies
3- Communication: effective written and verbal communication skills
4- Team Collaboration: experience working in a team environment and the ability to collaborate with cross-functional teams
5- Time Management: the ability to prioritize tasks, manage time effectively and handle multiple incidents simultaneously
6- Continuous Learning: commitment to staying updated with the latest security trends and technologies
#Presentation_Skills
1- Report Writing: the ability to create clear and concise incident reports and proficiency in documenting investigations and findings
2- Presentations: skills in creating and delivering presentations to management and stakeholders
3- Visualization: proficiency in using tools to create visual representations of data (charts, graphs), i.e. the ability to present data in a meaningful and impactful way
By developing these skills, you can effectively detect, analyze, and respond to security incidents, thereby contributing to the overall security posture of your organization.
#SOC #IR #Professional #Cyber_Defense #Cybersecurity #SOC_Reporting #SOC_Visualization #SOC_Communication #SOC_automation
-
Akamai Prolexic SOC Analyst JD. Level 4 position with 8+ years of experience. Need immediate joiner.
Scope:
• DDoS Attack Mitigation: The primary responsibility is to detect, analyze, and mitigate Distributed Denial of Service (DDoS) attacks targeting Akamai customers.
• Incident Response: Rapidly respond to DDoS incidents, assess their impact, and implement appropriate mitigation strategies.
• Monitoring and Alerting: Continuously monitor network traffic, security logs, and alerts from Prolexic systems.
• Tuning and Optimization: Fine-tune DDoS detection rules and thresholds to minimize false positives and enhance accuracy.
• Collaboration: Work closely with other security teams, network engineers, and customer support to ensure effective DDoS protection.
• Security Incident Handling: Investigate and respond to security incidents escalated from L2 analysts.
• Threat Detection and Analysis: Monitor security alerts, analyze logs, and identify potential threats.
• Forensics and Root Cause Analysis: Conduct in-depth investigations to understand attack vectors and root causes.
• Security Tool Management: Manage and fine-tune security tools (SIEM, IDS/IPS, etc.).
Deliverables:
• Incident Reports: Detailed reports on detected DDoS attacks, including attack vectors, duration, and impact.
• Mitigation Recommendations: Provide guidance on improving DDoS resilience based on observed attack patterns.
• Documentation: Maintain accurate records of incidents, mitigation actions, and lessons learned.
• Training: Train other team members and customers on DDoS best practices.
• Continuous Improvement: Contribute to enhancing Prolexic's detection capabilities and response procedures.
• Escalation Procedures: Document clear escalation paths for critical incidents.
• Playbooks: Develop and maintain incident response playbooks for common scenarios.
• Collaboration: Work closely with L1 and L2 analysts, as well as other Network & Security teams.
• Metrics and KPIs: Track and report on SOC performance metrics (e.g., mean time to detect, mean time to respond).
Email resumes to [email protected]
-
Lead Security Engineer (Security Operations), Melbourne, $190k+ package. Threat-centric approach to critical infrastructure. Work on things that have never been done before! A recent project was for one of the world's largest batteries. We need someone who can implement controls but also understands the "why" behind each one. You should be able to ask, "What threat are we mitigating? How does this control support the overall security strategy?"
What You'll Be Doing:
• Policy Management: Oversee and manage security policies to ensure alignment with security objectives.
• Strategic Alignment: Understand the intent behind security strategies and translate them into actionable controls.
• Threat-Centric Implementation: Implement controls that focus on mitigating specific threats and techniques.
• SIEM Development: Build and enhance SIEM capabilities for more effective monitoring and analytics.
• Control Implementation: Build and optimize:
  • Endpoint Security
  • Email Security
  • Network Security
  • Identity and Access Management (IAM)
Sound fun? Australian Citizen? Send me a DM
-
#hiring *Cyber Security Evaluation & Testing (CSET) Team Member with Security Clearance*, Orlando, *United States*, fulltime #jobs #jobseekers #careers #Orlandojobs #Floridajobs #ITCommunications *Apply*: https://lnkd.in/gEkPKeB2
Job Description
PRIMARY DUTIES & RESPONSIBILITIES:
• Oversee CSET Team operators and provide guidance and subject matter expertise to government personnel
• Support offensive security/red team/adversarial emulation testing
• Execute Red Team engagements in a variety of networks using real-world adversarial Tactics, Techniques, and Procedures (TTPs) from conception to report delivery
• Develop comprehensive security testing strategies and programs across NCRC-U to provide assurance that security controls are designed and operating effectively
• Develop innovative accelerators, tools, mechanisms, and processes to enhance the security team's velocity and scale to customer needs
• Facilitate multiple stakeholders to agree on appropriate solutions and verify that risks are mitigated appropriately
• Demonstrate creativity, insight, intellectual flexibility, and sound business judgment throughout the process
• Work independently but collaborate with cross-functional teams to provide security engineering consulting and control design recommendations to reduce risk
• Conduct open-source intelligence gathering, network vulnerability scanning, exploitation of vulnerable services, lateral movement, installing persistence in target network(s), and managing C2 infrastructure
• Systematically analyze each component of an application with the intent of locating programming flaws that could be leveraged to compromise the software through source code review or reverse engineering
• Develop payloads, scripts and tools that weaponize new proof-of-concepts for exploitation, evasion, and lateral movement
• Safely utilize attacker tools, tactics, and procedures when in sensitive environments/devices
• Evade EDR devices such as Windows Defender and Carbon Black to avoid detection by Defenders/behavioral-based alerting in order to further the engagement objectives
• Demonstrate expertise in one of the following: Active Directory, Software Development, Incident Response, or Cloud Infrastructure
• Carefully document and log all exploitation activities
• Continually exercise situational awareness in order to quickly identify any instances of cohabitation
• Document identified vulnerabilities and research corrective/remediation actions in order to recommend risk mitigation technique(s)
• Demonstrate new vulnerabilities and assist Network Defenders (Blue Team) with the refinement of detection capabilities
• Maintain knowledge of applicable Red Team policies, Standing Ground Rules, regulations, and compliance documents
• Communicate effectively with team members and during an engagement
• Ability to think unconventionally in order to develop adversarial TTPs
• Keep current with TTPs and the late
https://www.jobsrmine.com/us/florida/orlando/cyber-security-evaluation-testing-cset-team-member-with-security-clearance/470435930
-
💡 I've successfully finished all 15 of the needed modules for the Hack The Box SOC Analyst Job Role Path. It has been an excellent experience, particularly because the course is entirely hands-on and practical. Along with many other things, I have become proficient in the following areas of the SOC Path:
- SOC processes & methodologies
- SIEM operations (ELK & Splunk) & tactical technical analysis of various incidents
- Windows log analysis
- Threat hunting using known attacker TTPs, baseline deviation and heuristic analysis
- Network traffic analysis, including IDS/IPS tools
- Forensic analysis
The next step is to use the knowledge from the completed modules by taking the CDSA exam.
#HackTheBox #Cybersecurity #CyberDefense #SOCAnalyst #CDSA #securityoperationscenter #splunk #keepgoingstrong #keeplearningkeepgrowing
Completed SOC Analyst
academy.hackthebox.com
-
Mail: [email protected]; Hiring - Salesforce LWC Developers - 5+ yrs, Java Spring developers, T-SQL+SSIS+SQL, Siebel Developers**
#hiring #soc #socanalyst #onsite #qatarjobs #onsitesoftwarejob #softwarejobs #briskwin
Immediate opening for SOC Analyst - Onsite. EXP: 13+ yrs
JD:
• Monitoring and analysis of cyber security events with the use of SIEM and other tools.
• SOAR experience to design and configure automation and workbooks.
• SIEM (MS Sentinel, QRadar and other tools) use case management (alerts and reports) as per industry best practices.
• Monitor EDR to detect and investigate suspicious activities across all products.
• Monitor shadow IT for external threats and data exfiltration.
• Provide analysis and trending of security log data from many heterogeneous IT security devices.
• Continuous threat hunting, and liaise with the relevant team in case of a suspected incident.
• Provide threat and vulnerability analysis as well as security advisory services.
• Analyze and respond to previously undisclosed software and hardware vulnerabilities.
• Investigate, document, and report on cybersecurity issues and emerging trends.
• Review the SOC Analyst ticket queue; review tickets for closure or reassignment as needed.
• Create/review/modify documentation as needed, including any process or procedure, to ensure it is up to date and standard.
• Provide analytical feedback on network traffic patterns.
• Provide analytical feedback related to malware and other network threats.
• Understand information security policies and best practices in environments.
• Provide technical support within the Security Incident and Event Management team to assist in the investigation and remediation of security incidents.
• Escalate incident remediation changes with other business units, vendors, and customers, adhering to a predefined ITIL change management framework.
• Where necessary, liaise and work with Professional Services Engineers and Solutions Architects on incident investigation and reporting.
• Maintain detailed knowledge of the environment(s), where applicable, by maintaining and updating relevant documentation such as network diagrams, configuration and asset databases, along with process and procedural documentation.
• Change management calendar updates/closures.
• Monthly SOC reports.
• SOC whiteboard daily/weekly updates.
• Conduct security assessments regularly to identify vulnerabilities and perform risk analysis.
• Document incidents to contribute to incident response and disaster recovery plans.
• In the case of third-party vendors, verify their security strength and collaborate with them.
• Analysis of phishing emails reported by internal end users.
• Excellent understanding of application layer attacks, network level attacks, zero-day attacks, etc.
Skills & Requirements: Requires a Bachelor's degree in Computer/IT engineering or a related field. Professional certifications: SOC Analyst (CSA, CompTIA CySA+ etc.), CEH. SIEM solution (Azure Sentinel, QRadar etc.).
If interested, share your updated profile to [email protected] with the subject "SOC Analyst"
-
Looking for an immediate joiner with Level 3 experience, 4+ years of experience in DDoS / Akamai Prolexic.
Scope:
• DDoS Attack Mitigation: The primary responsibility is to detect, analyze, and mitigate Distributed Denial of Service (DDoS) attacks targeting Akamai customers.
• Incident Response: Rapidly respond to DDoS incidents, assess their impact, and implement appropriate mitigation strategies.
• Monitoring and Alerting: Continuously monitor network traffic, security logs, and alerts from Prolexic systems.
• Tuning and Optimization: Fine-tune DDoS detection rules and thresholds to minimize false positives and enhance accuracy.
• Collaboration: Work closely with other security teams, network engineers, and customer support to ensure effective DDoS protection.
• Security Incident Handling: Investigate and respond to security incidents escalated from L2 analysts.
• Threat Detection and Analysis: Monitor security alerts, analyze logs, and identify potential threats.
• Forensics and Root Cause Analysis: Conduct in-depth investigations to understand attack vectors and root causes.
• Security Tool Management: Manage and fine-tune security tools (SIEM, IDS/IPS, etc.).
Deliverables:
• Incident Reports: Detailed reports on detected DDoS attacks, including attack vectors, duration, and impact.
• Mitigation Recommendations: Provide guidance on improving DDoS resilience based on observed attack patterns.
• Documentation: Maintain accurate records of incidents, mitigation actions, and lessons learned.
• Training: Train other team members and customers on DDoS best practices.
• Continuous Improvement: Contribute to enhancing Prolexic's detection capabilities and response procedures.
• Escalation Procedures: Document clear escalation paths for critical incidents.
• Playbooks: Develop and maintain incident response playbooks for common scenarios.
• Collaboration: Work closely with L1 and L2 analysts, as well as other Network & Security teams.
• Metrics and KPIs: Track and report on SOC performance metrics (e.g., mean time to detect, mean time to respond).
Email resumes to [email protected]
Commenting for visibility. ------- 🔍 Follow The ITSM Practice Podcast on LinkedIn for daily insights on ITSM and IT Security. 🎧 Check out The ITSM Practice Podcast on Spotify: https://shorturl.at/8Ao5T #itil #itsecurity