Threat Management Specialist (Network Access Monitoring)

Responsibilities:

• Investigate security alerts
• Conduct investigations to identify malicious activities
• Work with Application Monitoring and Response (AMR) and Malware Prevention and Analysis teams to help with investigations
• Research emerging security threats, identify Indicators of Compromise and Tactics, Techniques, and Procedures
• Participate in security drills, table-top exercises, and other similar initiatives to meet regulatory and internal governance requirements
• Contribute to updating/creation of runbooks and operational documentation

Requirements:

• Strong experience in uncovering malicious activities, threat hunting and taking action against cyber threats
• Proficient in firewall log analysis, DNS log analysis, Netflow analysis, 802.1X Network Access Control log analysis
• Knowledge of TCP/IP, common network protocols, packet formats and packet analysis
• Ability to search relevant logs to support the investigation, use regex, and write queries. Experience on Splunk logging solution is preferred.
• Working knowledge of network security technologies, ACLs, application security and security vulnerabilities
• Strong understanding of common security vulnerabilities, attack vectors/TTPs used by threat actors and corresponding IOCs
• Experience in automation using Python or similar programming language

Registration No: R1877139

EA Licence No: 20C0336