Unix Security Engineer Jobs in Barcelona

  • 19/11/2021


    The detection analyst will be responsible for building on the existing ATT&CK-based managed playbook for the company's Security Operations Centre and developing it to the next level of maturity and capability, and for supporting the day-to-day threat detection work of a team of analysts providing service to a wide range of clients in different industries as well as the company's private/hybrid cloud services and internal IT.

    Client details

    ICT Services group with an extensive history that extends over 100+ years. The group has around 4,000 employees in 20+ countries across Europe, APAC and Latin America, and has a complete portfolio of integrated ICT services for the large enterprise and public sector markets. This includes Workspace, Applications, Unified Communications, Data Centre, Cloud, Managed Services, Smart Spaces and Security.

    Job description

      • Develop threat detection rules to identify modern attacker techniques and tactics in close partnership with the threat intelligence, incident response, security analyst, security architecture and infrastructure teams
      • Maintain the existing rule base to ensure effectiveness and efficiency, and apply lifecycle management to sunset rules when appropriate
      • Assess coverage against the ATT&CK framework to identify gaps and opportunities for improvement
      • Develop and maintain effective metrics
      • Support compliance use cases on request
      • Identify the need for, create and maintain lists as necessary to support correlation rules
      • Create dashboards to support specific use cases for threat detection and train analysts in their use
      • Provide advisory support to threat hunting activities, such as by developing efficient search queries
      • Develop detection strategies for existing and emerging business needs in partnership with business and IT teams
      • Analyse alert trends to drive improvement
      • Play an active role in maintaining and improving data collection and configuration management frameworks and documentation

    Candidate profile

      • Minimum two years' experience with SIEM technology, preferably LogRhythm, with a deep understanding of the AIE function
      • Experience with practical implementation of the MITRE ATT&CK framework, preferably in multi-tenant heterogeneous environments with a wide range of technologies and varying maturity levels
      • Strong understanding of the information security threat landscape, such as attack vectors and best practices for securing systems and networks
      • Competent with RegEx, Sigma, YARA, Snort, Zeek and TShark
      • Experience with performance tuning correlation rules to function well at scale
      • Strong communication skills and ability to write clear documentation
      • Fluent English, written and spoken
      • Structured and results-oriented way of working

    Desirable (one or more of the following)

      • Strong understanding of common log formats and parsing, including cloud technologies
      • Familiar with common operating systems and network fundamentals
      • Previous experience working as a security analyst
      • Experience with SOAR, UEBA, EDR, NDR or IDS/IPS technology

    Desirable qualifications or certifications

      • SANS SEC511 Continuous Monitoring (GIAC GMON Certification)
      • LogRhythm Platform Administrator (LRPA)
      • Cloud certifications (AWS, Azure, other)
      • BSc/MSc in Computer Science or Security

    Job offer

    An exciting opportunity to join a team within a growing ICT Services company with a global portfolio, as a Cybersecurity Detection Analyst in the SOC team. Salary: Bonus