IT Security Analyst, II

1. Monitoring SIEM systems to detect IT security incidents in Stefaninis client environments.
2. Incident Management:
   a. Incident investigation and diagnosis: analyzing the cause of the incident selecting a solution/escalation path.
   b. Routing incidents to the correct groups: detailed review of incidents logging detailed analysis in the ticket. Routing the ticket to the correct group ensuring communication and following up within the group.
   c. Tracking the resolution of the incident and providing regular updates to users or representatives regarding the progress/closure of the incident.
   d. Supporting the incident management process proposing new processes and developing solutions to improve efficiency.
3. Responding to requests via email and other electronic means for technical support.
4. Continuous improvements:
   a. Performing manual alert correlations in accordance with predefined procedures and project/client-specific requirements.
   b. Advising on repeatable processes demonstrated within the company and the IT group.
   c. Offering guidance in defining KPIs deliverables and/or metrics for services processes and technologies.
   d. Conducting root cause analysis and providing recommendations: regular review of incidents grouping them by cause and suggesting measures to reduce/eliminate incidents.
5. Working in alignment with SLAs for the daily operations of the monitoring team.
6. Documenting procedures used to resolve issues for future reference.
7. Assisting junior colleagues with project onboarding and providing technical support when needed.
8. Offering technical recommendations to the client to mitigate risks and/or actions to be taken to prevent the spread of detected threats.
9. Proactively searching for potential cyber threats in allocated systems and recommending actions for their prevention.
10. Creating rules and policies on IT systems based on client/employer requirements.
11. Actively participating in advanced cybersecurity discussions/meetings and improving technical and non-technical skills while contributing to company activities aimed at achieving proposed objectives.
12. Enhancing the quality and level of services offered through technical advice technical analysis or resolving cybersecurity vulnerabilities.

Creating daily/weekly/monthly operational reports as requested by the client/employer regarding status statistics and results achieved by the team and/or personal work.

• Monitor security alerts logs and SIEM dashboards to detect threats and vulnerabilities.
• Investigate and respond to security incidents including malware phishing and intrusion attempts.
• Perform vulnerability assessments and assist with remediation efforts.
• Support implementation and maintenance of security tools such as firewalls IDS/IPS EDR and SIEM solutions.
• Conduct security monitoring reporting and documentation.
• Assist with security audits risk assessments and compliance activities.
• Collaborate with IT and engineering teams to strengthen security controls.
  
  Required Skills & Qualifications
• Bachelors degree in Cyber Security Computer Science IT or a related field.
• 2-5 years of experience in information security or security operations (SOC).
• Strong understanding of networking fundamentals protocols and security concepts.
• Experience with SIEM tools (Splunk QRadar Sentinel etc.).
• Knowledge of threat detection incident response and vulnerability management.
• Familiarity with operating systems (Windows Linux) and security monitoring tools.
• Strong analytical problem-solving and communication skills.
• Stay updated on emerging threats attack techniques and security best practices.

Preferred / Good-to-Have

• Security certifications such as CEH Security or equivalent.
• Experience with cloud security (AWS Azure or GCP).
• Knowledge of scripting for automation (Python PowerShell).
• Understanding of compliance frameworks (ISO 27001 SOC 2 NIST).
• Experience working in SOC or Blue Team environments.