Security Operations Center Analyst
Manila, Philippines Infra / Networks / Telecom
Job description
Description
Security Operations Center Analyst
The Security Operations Center Analyst is responsible for the execution of incident response/security operations center/security information and event management technologies and the detection, triage, response, remediation and communication of security incidents. The Security Operation Center Analyst will utilize a deep understanding of the network security technologies, logging and settings coupled with alerts from SIEM tool and other monitoring capabilities to perform incident response, network surveillance, data mining and data manipulation. This role is responsible for supporting specific elements of the security monitoring program.
Essential Responsibilities
Professional responsibilities may include:
· Executing and maintaining incident, monitoring and response procedures.
· Investigation and triage of security alerts, events and incidents.
· Managing, reviewing and disseminating threat intelligence.
· Monitoring indicators of compromise (IOCs) related to advanced, targeted attackers.
· Detect and monitor malicious and/or anomalous activity which threatens the information security of P&G.
· Identify and execute risk-based sequence of remediation actions to mitigate threats.
· Perform thorough investigations, including root cause analysis, identifying ingress points, vulnerabilities exploited, actions taken by threat actors, data exfiltrated, persistence established, and all other pertinent facts.
· Extract learnings from investigations to feed back into the threat intelligence process to enhance detection and mitigation capabilities.
· Incidentally perform malware analysis and reverse engineering to extract intelligence needed for incident investigations, and identify potential mitigations and develop unique correlation techniques.
· Employ advanced forensic tools.
· Perform network traffic analysis.
· Interfacing with external entities in an operational environment.
Technical Competencies and Experience:
· Experience designing and operating one or more of the following SOC solutions:
· Service manager solutions: ServiceDesk, Remedy, Archer, ServiceNow
· SOC/SIEM solutions: QRadar, Wazuh, ArcSight, LogRhythm, Fireeye, Splunk
· Configuration management solutions: Solarwinds, Opsware, CVS
· Forensics solutions: CAINE, EnCase, SIFT, Kali
· Networking: Cisco, Juniper, Checkpoint; WAN/LAN network design; Application Firewalls
· Operating Systems: Windows, Unix, Linux
· Database: Oracle, SQL, MySQL
· Other: PhishMe, Crowdstrike
· Knowledge of application regulatory standards and frameworks:
· Compliance frameworks and security management standards (e.g. ISO 27001/27002, COBIT, ITIL, NIST, and PCI)
· Regulations (e.g. GDPR, HIPAA, Sarbanes-Oxley).
· Knowledge of technology products and operating experience with Security Operations Centers:
· Security Event and Information Management (SIEM)
· Applications & Database Scanners, Penetration Testing Tools, Intrusion Detection/Prevention Tools Intrusion Prevention Tools
· Monitoring Procedures Tools
· Network Behavior Analysis tools (Snort, Suricata, Bro, Argus, SiLK, tcpdump, WireShark, McAfee IntruShield and ePolicy Orchestrator (EPO)), Netflow, DDOS & DOS Service Monitoring tools, Wireless Intrusion Detection/Prevention Systems, NGFW “ Next Generation Firewall’s”, Enterprise Antivirus, Antispyware Malware Analysis Kit
· Vulnerability assessment and penetration testing tools such as Metasploit, CORE Impact, Immunity Canvas, or Kali Linux
· TCP/IP or OSI network protocol stack, including major protocols such as IP, Internet Control Message Protocol (ICMP), TCP, User Datagram Protocol (UDP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and SSH
· Cryptography algorithms and protocols such as Advanced Encryption Standard (AES), Rivest, Shamir, and Adleman (RSA), MessageDigest Algorithm (MD5), Secure Hash Algorithm (SHA), Kerberos, Secure Socket Layer/ Transport Layer Security (SSL/TLS)
· Programming and scripting languages and text manipulation tools such as Perl, Ruby, and Python
· One or more of the following certifications: CISSP, GSEC, GISF, GCIA, GCIH, GREM, CCNA
Qualifications
Qualification Requirements
· Bachelor’s degree in Information Systems, Information Technology (IT), Computer Science, Engineering, or other technical/IT field and/or at least 2+ years of relevant experience.
· Available to work off hours during the evenings and weekends as required, sometimes with little advanced notice.
· All Information Security roles require CISSP certification. Candidates without the certification must be able to pass the exam within the first 15 months of start of employment. P&G provides study preparation and exam cost coverage.
· Role requires working from the Procter & Gamble office location in Manila, Philippines.