Description
Division: Chief Information Security Office (CISO)
As an operator of global critical financial infrastructure, Euroclear regards the protection of its information and assets as fundamental to the company's business. Information Security is at the core of our services and is firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office, which is in charge of putting in place the controls required to adequately and effectively protect our information assets.
Please note that this is a permanent position and we do not offer freelance or contract arrangements for this role.
Your role
Candidates in this role will respond to security events and conduct incident response operations according to documented procedures and industry best practices. Candidates in this role must have excellent communication skills.
Candidates will be required to participate in multiple intelligence communities and be able to disseminate pertinent information throughout the SOC.
Ideal candidates should have extensive experience with Linux and/or Windows operating systems and with multiple security technologies such as SIEM, IDS, EDR and WAF, together with a deep knowledge of networking and attack methods. Candidates must display enthusiasm for and interest in Information Security.
Your responsibilities & duties
- Act as first point of escalation for the Tier 1 analysts.
- Hunt for suspicious or anomalous activity based on alerts and data outputs from the various toolsets.
- Review and build new operational processes and procedures. Review the automated process workflows and provide feedback for updates and enhancements.
- Triage and investigate advanced attacks such as botnets and advanced persistent threats (APTs).
- Advise on the tuning of IDS, proxy policy and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits affecting downstream systems.
- Provide use case creation/tuning recommendations to the Security Intelligence Analyst based on findings during investigations or threat information reviews.
- Lead response actions for incidents where CIRT is not required to intervene (low/medium priority).
- Work directly with data asset owners and business response plan owners during low and medium severity incidents.
- Perform administrative tasks at management's request (ad-hoc reports, trainings).
- Support the creation and maintenance of a knowledge base.
- Provide training and knowledge-sharing sessions to the SOC team.
- Mentor the Tier 1 team.
- Support the Service Delivery Manager with reporting.
Your qualifications required
- 3 years' prior experience in a similar position
- Experience with network security zones, firewall configurations and IDS policies
- In-depth knowledge of TCP/IP
- Knowledge of systems communications from OSI Layer 1 to Layer 7
- Experience with systems administration, middleware and application administration
- Experience with network and network security tools administration
- Knowledge of log formats and the ability to aggregate and parse log data (syslog, HTTP logs, DB logs) for investigation purposes
- Ability to define and execute a containment strategy
- Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat)
- Good knowledge of threat areas and common attack vectors (MITRE ATT&CK)
- Nice to have:
- Splunk and XSOAR experience
- Experience with log search tools such as Splunk, including the use of regular expressions and natural-language queries
- Knowledge of common security frameworks (ISO 27001, COBIT, NIST)
- Knowledge of encryption and cryptography
- Previous experience in the financial industry
- Scripting (automation) and familiarity with Cloud (AWS/Azure)
#LI-NS1
Required Experience:
IC