Level 1 CyberShield Analyst

Article Summary:
Share Article:

The Ideal Candidte

Essential Skills

  • As the Level 1 SOC Analyst requires strict adherence to a weekly schedule, we require someone with proven discipline in being on-time and ready to operate for each and every scheduled 12-hour or 8-hour shift.
  • We are looking for someone to join the Hanco team who has demonstrable skills in critical thinking and problem-solving, especially someone who can remain risk-aware and focussed risks that alerts may pose andmaking informed decisions about whether or not theymerit investigation.
  • You should have basic experience with Security Information Event Management (SIEM) tools, creating advanced co-relation rules in YAML, administration of SIEM, system hardening, and Vulnerability Assessments.

Desirable Skills

  • Implementation and management ofSIEM and other cybersecurity products.
  • TCP/IP network traffic and event log analysis.
  • One or more SIEM tools like LogRhythm, QRadar, Arcsight, Mcafee epo, UTMStack, or NetIQ Sentinel.
  • Core ITIL disciplines such as Incident, Problem and Change Management

Job Background and Description

Our Hanco CyberShield Operations Centre monitors alerts and creates incidents for a wide variety of clients in North and South America and Europe, including the United Kingom. Our Level 1 CyberShield Security Analyst position will analyse incoming alerts and escalate where needed to our Level 2 Security Engineers, after undertaking the detailed investigationrequired for the alert.

As a Security Analyst your main focus will be on determining whether the security event will be classified as an incidentand notification to the client. You will coordinate with the customer IT and Security team via e-mail and on the phone for resolution of basic Security Incidents.
Our overall aim at Hanco is to reduce alert fatigue for our valued clients and for them to know that our “Hanco is Here” attitude applies to the services we provide.
This role reports to the CyberShield Team Lead.


  • Escalate validated and confirmed incidents to designated incident response team.
  • Notify Client of incident and recommend mitigation works.
  • Fine-tune SIEM rules to reduce false positive and remove false negatives.
  • Collect global threat intelligence and internal threats then inject actions based on analysis and recommendation.
  • Proactively research and monitor security information to identify potential threats that may impact the organisation.
  • Develop and distribute information and alerts on required corrective actions to the organisation.
  • Learn new attack patterns, actively participate in security forums.
  • Work closely with our Partners in Eastern Europe and America to ensure Correlation Rules are in place for specialty incidents.
  • Understand the structure and the meaning of logs from different log sources such as O365, Azure AD, Windows, Cisco appliances, Firewalls, AV and antimalware softwareand similar.
  • Develop an inherent feel and understanding for what normal operations looks like for a given server being monitored, in order to better identify outlier alerts and security events.
  • Review existing incidents to determine client responses through time and furtheridentify possible false positive candidates.
  • Analyst should properly include for each incident all details related to the logs, alerts and other indicators identified in accordance with the intervention protocol of each client and the SLA.
  • Track and update incidents and requests based on client’s updates and analysis results.
The Tech Expo portion of the Bucharest Technology Week set up in front of the People's Palace in June 2022

Bucharest Technology Week

A week-long intensive event focussing on Romania’s burgeoning tech sector, the Bucharest Technology Week showed off the best of Romanian ingenuity and strategies for now and the future, culminating in an illuminating speech by Minister for Innovation, Research and Digitalisation, Sebastian Burduja. #techweekro #innovation #romania #hancoweb

Read More »

Identity Management

Our signature Hanco Cybershield™ Identity Management tool allows you to simplify management and monitor account activity in the organization. The module provides alerting capabilities to detect suspicious activity and simplifies tracking and auditing the active directory
#HancoCyber #IdentityManagement #hanco

Read More »

HyLabs for Education

HyLabs helps universities, educational institutes and L and D organizations create, manage and monitor virtualized ICT labs and provide real time access to the ICT enabled labs from any device, anywhere and anytime.
#HancoCyber #HylabsEducation #hanco

Read More »
With our vulnerability measures you will have total control on where your threats are and how to combat them before serious damage is done.

Full-scale Scanning, Testing and Reporting

Our signature Hanco Cybershield™ Penetration Testing will find out how someone might get in to your network, while we will also perform in-depth vulnerability testing in one cost-effective solution.
#HancoCyber #FullScale #hanco

Read More »

HyID Platinum

By managing user identities and monitoring user access, HyID provides enterprises with strong control over endpoints.
HyID enables contextual access, device entry control and flexible policy framework
#HancoCyber #HyidPlatinum #hanco

Read More »
Hanco Endpoint and Gateway Security

Active Endpoint Protection

Deceptive Bytes Endpoint Protection uses malware own sophisticated defenses and techniques, against it.
By providing an Active Deception platform that responds to the evolving nature of advanced threat landscape and interfere with attackers attempts to recon & take hold of enterprise IT.

#HancoCyber #ActiveEndpoint #hanco

Read More »
No more posts to show