Security monitoring
___
Incident Response & Digital Forensics
___
Threat Hunting
___
Threat Collection and Analysis
Mandatory:
Good knowledge of IT security technology and processes (secure networking, web infrastructure, system security, security control point management, etc.)
Experience with reviewing alerts to determine relevancy and urgency by correlating different events and sources
Experience with detection and mitigation of phishing attacks
Experience managing incidents via ticketing systems such as HPSM and ServiceNow
Ability to clearly write documentation, procedures and knowledgebase articles
Experience with Use Case Development and Runbook creation
Familiar with networking concepts, configuration and components
Comfortable working in Windows and Linux based systems
___
Preferable:
Hands-on malware analysis skills
Knowledge of digital forensics practices for Windows systems
Experience with security incident management as a SPOC in a SOC or CSIRT environment, coordinating incidents with technical and management teams
Knowledge of various IDS/IPS such as Cisco Sourcefire and Palo Alto
Knowledge of log aggregation, SIEM solutions and Digital Analytics Platforms such as Splunk, ArcSight, ELK
Experience working with EDR solutions like Tanium and McAfee
Experience with DDoS solutions and services such as Akamai and F5 WAF based application protections
Practical experience with Threat Hunting
Basic knowledge of Threat Modelling
Know how to interpret and analyse Threat Intelligence information and make it actionable via a CTI platform
Experience with DLP solutions like Symantec DLP
Knowledgeable about SOAR and automation techniques with Demisto or Cortex XSOAR
Basic Reverse Engineering skills