Responsibilities:
- Investigate security alerts
- Conduct investigations to identify malicious activities
- Work with Application Monitoring and Response (AMR) and Malware Prevention and Analysis teams to help with investigations
- Research emerging security threats, identify Indicators of Compromise and Tactics, Techniques, and Procedures
- Participate in security drills, table-top exercises, and other similar initiatives to meet regulatory and internal governance requirements
- Contribute to updating and creating runbooks and operational documentation
Requirements:
- Strong experience in uncovering malicious activities, threat hunting and taking action against cyber threats
- Proficient in firewall log analysis, DNS log analysis, Netflow analysis, 802.1X Network Access Control log analysis
- Knowledge of TCP/IP, common network protocols, packet formats and packet analysis
- Ability to search relevant logs to support investigations, use regular expressions, and write queries. Experience with the Splunk logging solution is preferred.
- Working knowledge of network security technologies, ACLs, application security and security vulnerabilities
- Strong understanding of common security vulnerabilities, the attack vectors and TTPs used by threat actors, and the corresponding IOCs
- Experience in automation using Python or similar programming language
Registration No: R1877139
EA Licence No: 20C0336