Food Server Qatar Duty Free
نُشرت في :
18-03-2024
صاحب العمل نشط
1 وظيفة شاغرة
حالة تأهب وظيفة
سيتم تحديثك بأحدث تنبيهات الوظائف عبر البريد الإلكترونيValid email field required
أرسل الوظائف
حالة تأهب وظيفة
سيتم تحديثك بأحدث تنبيهات الوظائف عبر البريد الإلكترونيValid email field required
أرسل الوظائف
الوصف الوظيفي
رقم الوظيفة : 2336519
Cyber Security Analyst 1
- Working Location: Mons, Belgium
- Security Clearance: NATO Secret
- Language: High proficiency level in English language
EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
Comprehensive knowledge of the principles of computer and communications security including knowledge of TCP/IP networking, Windows and Linux operating systems
Broad understanding of common network security threats and mitigation techniques
Experience in the following:
Security information and event management products (SIEM) e.g. Splunk
Analysis of network based intrusion detection systems (NIDS) events e.g. FirePower, Palo Alto Network Threat Prevention
Analysis of logs from a variety of sources (e.g. firewalls, proxies, routers, DNS and other security appliances)
Network traffic capture analysis using Wireshark
Logical approach to analysis and ability to perform structured security investigations using large, complex datasets
Knowledge of endpoint detection and analysis techniques
Desirable Qualifications/Experience:
Holding industry leading certifications in the area of cyber security such as GCIA, GNFA, GCIH
Experience working in a security operations centre (SOC), Computer Incident Response Team (CIRT) or Computer Emergency Response Team (CERT)
Hands on experience with Splunk Enterprise Security and/or Splunk SOAR
Experience in the following areas:
Full packet capture systems e.g. Niksun, RSA/NetWitness
Host based intrusion detection systems (HIDS)
DUTIES/ROLE:
Triaging and investigating security alerts in Splunk Enterprise Security
Providing in-depth analysis of firewall, IDS, anti-virus and other network sensor events to report findings clearly
Enhancing investigations by leveraging the comprehensive extended toolset (e.g. Splunk, NIDS, FPC and SOAR)
Providing analyst expertise in response to ongoing cyber security incidents
Supporting the end-to-end incident handling process
Assisting in the management of internal block lists
Proposing security content optimisations and enhancements that help maintain and improve NATOs Cyber Security posture
Assisting in on boarding and training of new team members
Assuming the role of security analyst shift lead, assisting with team management and prioritisation of analyst workload
The main deliverables as CSA will be to:
Provide an average of 139 hours/month working in office as part of a predetermined 24/7 shift rota
Triage, analyse and respond to alerts. On average 300 500 alerts per day are expected. All critical alerts will be responded to within three hours
Deliver analysis and reports in response to tasks associated with ongoing investigations and incidents
Propose no fewer than five security content optimisations and enhancements per week
Oversee the production and release of bulletins for internal block lists, on average, three times per week
Review existing block lists and add new indicators of compromise to block lists, on average 20 per day
Create an average of two MISP events per week based on provided intelligence reports
Respond to ad-hoc tasks given by the service delivery manager and cell head
The service provider is expected to provide accurate and complete deliverables in accordance with internal processes
The service provider shall be responsible for complying will all applicable local employment laws, in addition to following all SHAPE & NCIA on-boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled
Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period
For each individual delivering the service, the provider shall allocate 10 working days to the initial NCSC Ops familiarisation and assessment process. Delivery of the service cannot begin until this is complete
Broad understanding of common network security threats and mitigation techniques
Experience in the following:
Security information and event management products (SIEM) e.g. Splunk
Analysis of network based intrusion detection systems (NIDS) events e.g. FirePower, Palo Alto Network Threat Prevention
Analysis of logs from a variety of sources (e.g. firewalls, proxies, routers, DNS and other security appliances)
Network traffic capture analysis using Wireshark
Logical approach to analysis and ability to perform structured security investigations using large, complex datasets
Knowledge of endpoint detection and analysis techniques
Desirable Qualifications/Experience:
Holding industry leading certifications in the area of cyber security such as GCIA, GNFA, GCIH
Experience working in a security operations centre (SOC), Computer Incident Response Team (CIRT) or Computer Emergency Response Team (CERT)
Hands on experience with Splunk Enterprise Security and/or Splunk SOAR
Experience in the following areas:
Full packet capture systems e.g. Niksun, RSA/NetWitness
Host based intrusion detection systems (HIDS)
DUTIES/ROLE:
Triaging and investigating security alerts in Splunk Enterprise Security
Providing in-depth analysis of firewall, IDS, anti-virus and other network sensor events to report findings clearly
Enhancing investigations by leveraging the comprehensive extended toolset (e.g. Splunk, NIDS, FPC and SOAR)
Providing analyst expertise in response to ongoing cyber security incidents
Supporting the end-to-end incident handling process
Assisting in the management of internal block lists
Proposing security content optimisations and enhancements that help maintain and improve NATOs Cyber Security posture
Assisting in on boarding and training of new team members
Assuming the role of security analyst shift lead, assisting with team management and prioritisation of analyst workload
The main deliverables as CSA will be to:
Provide an average of 139 hours/month working in office as part of a predetermined 24/7 shift rota
Triage, analyse and respond to alerts. On average 300 500 alerts per day are expected. All critical alerts will be responded to within three hours
Deliver analysis and reports in response to tasks associated with ongoing investigations and incidents
Propose no fewer than five security content optimisations and enhancements per week
Oversee the production and release of bulletins for internal block lists, on average, three times per week
Review existing block lists and add new indicators of compromise to block lists, on average 20 per day
Create an average of two MISP events per week based on provided intelligence reports
Respond to ad-hoc tasks given by the service delivery manager and cell head
The service provider is expected to provide accurate and complete deliverables in accordance with internal processes
The service provider shall be responsible for complying will all applicable local employment laws, in addition to following all SHAPE & NCIA on-boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled
Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will follow a brief familiarisation period
For each individual delivering the service, the provider shall allocate 10 working days to the initial NCSC Ops familiarisation and assessment process. Delivery of the service cannot begin until this is complete
نوع التوظيف
دوام كامل
المجال
القسم / المجال المهني
المهارات المطلوبة
الإبلاغ عن هذه الوظيفة
إخلاء المسؤولية: د.جوب هو مجرد منصة تربط بين الباحثين عن عمل وأصحاب العمل. ننصح المتقدمين بإجراء بحث مستقل خاص بهم في أوراق اعتماد صاحب العمل المحتمل.
نحن نحرص على ألا يتم طلب أي مدفوعات مالية من قبل عملائنا، وبالتالي فإننا ننصح بعدم مشاركة أي معلومات شخصية أو متعلقة بالحسابات المصرفية مع أي طرف ثالث. إذا كنت تشك في وقوع أي احتيال أو سوء تصرف، فيرجى التواصل معنا من خلال تعبئة النموذج الموجود على الصفحة اتصل بنا
