
Soc L3 Analyst/Consultant

Company:

Wise Security Global


Offer details

We are looking for a SOC L3 Analyst to be part of our SOC/CERT team, supporting, monitoring and resolving alerts.
What are we looking for?
We are looking for people with a technical education (Bachelor's degree in Computer Science, a related field, or equivalent) and a minimum of 4 years of experience monitoring security events at L2-L3. Fluency in English and Spanish is required.
Candidates with an understanding of the incident management cycle would be ideal, as well as the necessary experience and knowledge of:
- SIEM: MS Sentinel.
- EDR: SentinelOne / MS Defender (one of the two is required).
- WAF: Imperva.
- CASB: MS CloudApps.
- Phishing analysis (desirable: CofenseTriage/Proofpoint TAP).
- Security elements (IDS-IPS/Firewall/Palo Alto/Fortinet).
- Knowledge of Windows security events.
- Ticketing: ServiceNow.
- Good knowledge in networking: flows, logs, ports, services, layers, protocols, etc.
- Solid knowledge in system administration: Windows and Linux (auth, schedulers, services, ports, etc).
- Advanced knowledge in log administration: log levels, syslog, CEF, rsyslog, logstash, kafka, parsing, conversion, enrichment, etc.
- Comfortable with the Azure products in general and with Azure Sentinel in particular.
- Experience in working with other IT teams to integrate new log sources to the SIEM.
- Advanced knowledge of scripting and DB query languages: Python, PowerShell and KQL (Kusto Query Language).
Any of the following would be a plus (and/or):
- Master's degree in cybersecurity.
- Relevant certifications.

- Experience and knowledge in OT: Nozomi.
- A recognised degree of disability higher than 33%.
What challenges and tasks can you find in this job?
- Review and analyze events from various security devices (NIDS, HIDS, IDS, IPS, firewall, WAF, SIEM, etc.), handling Level 2-3 incidents.
- Communicate any suspicious activity, incident or alert and follow up from their initial treatment to their solution.
- Manage automatic vulnerability analyses (Nessus, Acunetix, WPScan, others).
- Identify, analyze and program security alerts.
- Contribute to maintaining the company's infrastructure.
- Support the SIEM, learn, adapt and document its (very) rapidly evolving environment.
- Analyse, troubleshoot, and remediate issues with the SIEM and with the log collectors and network sensors.
- Develop and upgrade Azure Sentinel's workbooks, analytic rules, reports, log parsers and integrate correlation logic to the Incident Response processes.
- Provide support to the different components of the SIEM, IDS/IPS (Suricata), logs parsing/normalization routines, rules engine, log storage, log source devices, log collection and event monitoring.
- Automate all that can be automated: Python, Celery, Logic Apps, Automation Accounts, ...
Nice to have:
- Monitor and recommend improvements based on observed events and incidents detected by the SIEM related to: network, applications, databases, systems, and endpoints.
- Help develop the in-house SOAR ecosystem: git, Django, Celery, RabbitMQ.
What are we offering?
Type of contract: permanent full-time contract (Monday to Friday).
Location: any (fully or hybrid remote).
Salary: to be determined.
Flexible Compensation Plan (food card, transport card, medical insurance, kindergarten voucher, and training).
Work-life balance: flexible work environment.



Source: Jobleads

Built at: 2024-05-16T12:15:54.037Z