Level 1 CyberShield Analyst


The Ideal Candidate

Essential Skills

  • As the Level 1 SOC Analyst requires strict adherence to a weekly schedule, we require someone with proven discipline in being on-time and ready to operate for each and every scheduled 12-hour or 8-hour shift.
  • We are looking for someone to join the Hanco team who has demonstrable skills in critical thinking and problem-solving, especially someone who can remain risk-aware and focused on the risks that alerts may pose, making informed decisions about whether or not they merit investigation.
  • You should have basic experience with Security Information and Event Management (SIEM) tools, creating advanced correlation rules in YAML, administration of SIEM, system hardening, and Vulnerability Assessments.

Desirable Skills

  • Implementation and management of SIEM and other cybersecurity products.
  • TCP/IP network traffic and event log analysis.
  • One or more SIEM tools like LogRhythm, QRadar, ArcSight, McAfee ePO, UTMStack, or NetIQ Sentinel.
  • Core ITIL disciplines such as Incident, Problem and Change Management.

Job Background and Description

Our Hanco CyberShield Operations Centre monitors alerts and creates incidents for a wide variety of clients in North and South America and Europe, including the United Kingdom. Our Level 1 CyberShield Security Analyst will analyse incoming alerts and, after undertaking the detailed investigation required for each alert, escalate where needed to our Level 2 Security Engineers.

As a Security Analyst your main focus will be on determining whether a security event should be classified as an incident and on notifying the client. You will coordinate with the customer IT and Security team via e-mail and on the phone for resolution of basic Security Incidents.
Our overall aim at Hanco is to reduce alert fatigue for our valued clients and for them to know that our “Hanco is Here” attitude applies to the services we provide.
This role reports to the CyberShield Team Lead.

Responsibilities

  • Escalate validated and confirmed incidents to designated incident response team.
  • Notify Client of incident and recommend mitigation works.
  • Fine-tune SIEM rules to reduce false positive and remove false negatives.
  • Collect global threat intelligence and internal threats then inject actions based on analysis and recommendation.
  • Proactively research and monitor security information to identify potential threats that may impact the organisation.
  • Develop and distribute information and alerts on required corrective actions to the organisation.
  • Learn new attack patterns, actively participate in security forums.
  • Work closely with our Partners in Eastern Europe and America to ensure Correlation Rules are in place for specialty incidents.
  • Understand the structure and the meaning of logs from different log sources such as O365, Azure AD, Windows, Cisco appliances, Firewalls, AV and antimalware software and similar.
  • Develop an inherent feel and understanding for what normal operations looks like for a given server being monitored, in order to better identify outlier alerts and security events.
  • Review existing incidents to determine client responses over time and further identify possible false positive candidates.
  • Include for each incident all details related to the logs, alerts and other indicators identified, in accordance with the intervention protocol of each client and the SLA.
  • Track and update incidents and requests based on client’s updates and analysis results.

HancoShield Nexus

In the digital era, cybersecurity isn’t just a need – it’s a necessity. That’s where HancoShield Nexus steps in. A groundbreaking, all-in-one cybersecurity service, tailored to fit the unique needs of your organization. At Hanco, we understand that one size doesn’t fit all when it comes to cybersecurity. This is why we have developed HancoShield Nexus – a bespoke solution crafted for your specific organizational needs.


Hanco at CyberSecurity Show in Birmingham

A three-day intensive event focusing on the latest offerings in Cybersecurity technology, the CyberSecurity Show at the NEC Birmingham 25 – 27 April 2023 featured Hanco Global Solutions partnered with SOC Radar to inform and demonstrate the capabilities of the leading SOC Radar platform for clients from across the UK and the world. #socradar #hancocyber #cybersolutions


Identity Management

Our signature Hanco Cybershield™ Identity Management tool allows you to simplify management and monitor account activity in the organization. The module provides alerting capabilities to detect suspicious activity and simplifies tracking and auditing of Active Directory.
#HancoCyber #IdentityManagement #hanco


HyID Platinum

By managing user identities and monitoring user access, HyID provides enterprises with strong control over endpoints.
HyID enables contextual access, device entry control and a flexible policy framework.
#HancoCyber #HyidPlatinum #hanco

With our vulnerability measures you will have total control on where your threats are and how to combat them before serious damage is done.

Vulnerability Scanning and Reporting

We even include convenient ready-made reports for your compliance audits!
The vulnerability scanner can detect known and unknown vulnerabilities in the network.
Knowing your weaknesses will keep your network safe.
#HancoCyber #VulnerabilityScanning #hanco


Vulnerability Assessment

Our Vulnerability Assessment means you will be working with one of our experienced IT technical auditors, which gives our firm the ability to thoroughly analyse the findings in our review in conjunction with your internal IT personnel or with your external network services provider.
#HancoCyber #VulnerabilityAssessment #hanco
