https://bayt.page.link/BsTd7p9QshFK6NS99

Job Description

Job Description INCIDENT TRIAGE ANALYST - ( 240000Z7 )

Description

JOB PURPOSE:

To handle security alerts received from, or escalated by, the Incident Monitoring function and to perform root cause analysis on the resulting security incidents.

KEY ACCOUNTABILITIES:

Security Incident Triage
1. Provide communication and escalation throughout the incident in line with the Security Incident Management process.
2. Prioritise alerts, distinguish genuine intrusion attempts from noise, decide whether an alert is to be treated as a security incident, and assign it a severity level so that mitigation proportionate to that severity can be applied.
3. Collect contextual information to either close the security incident or escalate it to the Incident Response function for further investigation to find the root cause.
4. Provide consistent and accurate incident feedback to Incident Monitoring, and support forensics, event documentation and malware analysis as required to maintain the integrity of the investigation.
5. Monitor and analyse network traffic, security events and logs from Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, email security gateways, file integrity monitoring, database monitoring, proxy solutions, Windows event logs, AIX/Linux system logs, application logs, endpoint security solutions and data leakage prevention solutions.
6. Identify false positives and work with the appropriate team members on alert tuning.
7. Perform quality review of tickets for documentation accuracy and validation of ticket context.
8. Support the daily, monthly, quarterly and yearly security posture, Security Operations Center (SOC) and executive reporting and dashboards.
9. Develop tools or scripts that automate repeatable tasks and streamline manual processes in support of security investigations.
10. Enhance detection capabilities by providing recommendations for security monitoring devices such as IDS/IPS and Security Information & Event Management (SIEM).
11. Proactively review raw logs from different sources for anomalous activity.
12. Participate in evaluating and recommending security solutions to ensure that any system meets the logging and monitoring requirements needed to fulfil the SOC's core objectives.
13. Work with Threat Intelligence to write and improve runbooks and update documentation.
14. Monitor the heartbeat of all log sources and report/investigate issues, so that log collection stays healthy and no collection failure degrades the core SOC monitoring function.
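Two of the accountabilities above, assigning a severity to an alert (item 2, with false-positive handling from item 6) and detecting log sources whose heartbeat has lapsed (item 14), are the kind of repeatable task item 9 asks the analyst to script. The following is an added example, not code from the posting or the employer: the severity matrix, the alert fields, the source names, the expected gaps and the sample records are all assumptions constructed for illustration.

```python
"""Added example (not part of the job posting): a small triage helper
that assigns a severity to incoming alerts and flags log sources whose
heartbeat has lapsed. Every field name, source name and threshold below
is an assumption chosen for illustration; the sample data is constructed."""
from datetime import datetime, timedelta

# Hypothetical severity matrix: (detection confidence, asset criticality) -> severity.
# "high" confidence means the activity is corroborated by a second source;
# "low" means a single signature hit with no corroboration yet.
SEVERITY = {
    ("high", "critical"): "P1",
    ("high", "standard"): "P2",
    ("low", "critical"): "P2",
    ("low", "standard"): "P3",
}

# Priority order used to sort the triage queue (lower sorts first).
PRIORITY = {"P1": 0, "P2": 1, "P3": 2, "FP": 3}


def assign_severity(alert: dict) -> str:
    """Map one alert to a severity. Alerts already tagged by tuning as a known
    false positive are returned as "FP" so they are closed, not escalated."""
    if alert.get("known_false_positive"):
        return "FP"
    key = (alert["confidence"], alert["asset_criticality"])
    return SEVERITY.get(key, "P3")  # unknown combinations default to lowest


def triage(alerts: list) -> list:
    """Return (alert_id, severity, action) tuples in the order the analyst
    should work them: P1/P2 are escalated to Incident Response, P3 is kept
    under monitoring, FP is closed with feedback to Incident Monitoring."""
    results = []
    for alert in alerts:
        sev = assign_severity(alert)
        if sev == "FP":
            action = "close"
        elif sev in ("P1", "P2"):
            action = "escalate"
        else:
            action = "monitor"
        results.append((alert["id"], sev, action))
    return sorted(results, key=lambda r: PRIORITY[r[1]])


# Heartbeat monitoring: the longest silence each (assumed) source is allowed
# before it is treated as a collection failure rather than a quiet period.
EXPECTED_GAP = {
    "fw-edge-01": timedelta(minutes=5),
    "dc-01-winevt": timedelta(minutes=15),
    "aix-core-db": timedelta(hours=1),
}


def stale_sources(last_seen: dict, now: datetime) -> list:
    """Return (source, silent_for) for every source that is past its allowed
    gap; silent_for is None when the source has never reported at all."""
    stale = []
    for source, max_gap in EXPECTED_GAP.items():
        seen = last_seen.get(source)
        if seen is None:
            stale.append((source, None))
        elif now - seen > max_gap:
            stale.append((source, now - seen))
    return stale


# Constructed sample input (not real alerts or hosts).
SAMPLE_NOW = datetime(2024, 6, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    {"id": "A1", "confidence": "low", "asset_criticality": "standard"},
    {"id": "A2", "confidence": "high", "asset_criticality": "critical"},
    {"id": "A3", "confidence": "low", "asset_criticality": "critical",
     "known_false_positive": True},
]
SAMPLE_LAST_SEEN = {
    "fw-edge-01": SAMPLE_NOW - timedelta(minutes=2),
    "dc-01-winevt": SAMPLE_NOW - timedelta(minutes=40),
    # "aix-core-db" deliberately absent: it has never checked in.
}

if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        print("alert %s -> %s (%s)" % row)
    for source, silent in stale_sources(SAMPLE_LAST_SEEN, SAMPLE_NOW):
        print("stale source %s, silent for %s" % (source, silent))
```

In practice the last-seen timestamps would come from the SIEM's per-source event counts and the expected gaps from the source's known logging cadence; a source that has never reported is listed separately because it usually points at an onboarding or forwarding problem rather than a transient outage.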

Qualifications

QUALIFICATIONS, EXPERIENCE, & SKILLS:

Qualifications & Experience:

§ Bachelor's degree in Engineering, Computer Science or equivalent.
§ Minimum of 5 - 7 years of experience in IT Security and related disciplines.
§ Experience in analysing security logs.
§ Experience with enterprise security architecture and software such as Web Application Firewalls, Next Generation Firewalls, email sandboxing, etc.
§ Experience in configuring and implementing technical security solutions, application security platforms, sandboxing and similar technologies.
§ Good experience with packet analysis tools.
§ Good experience with operating systems (Windows and Linux).
§ Recommended certifications
o GIAC Certified Intrusion Analyst (GCIA)
o GIAC Certified Forensic Analyst (GCFA)
§ Mandatory certificates
o EC-Council Certified Security Analyst (ECSA)

Skills:

§ Very good command of English and Arabic
§ Good communication skills
§ Good analytical skills

Primary Location: Egypt-Giza-SMART VILLAGE BLDG. 2

Job Details

Job Location
Cairo, Egypt
Company Sector
Other Business Support Services
Company Type
Employer (Private Sector)
Employment Type
Unspecified
Monthly Salary
Unspecified
Number of Vacancies
Unspecified
