This position is no longer open for applications

Information Security Monitoring (L1/L2) Analyst

Information Security Monitoring (L1/L2) Analyst (JO013379) Doha, Qatar

Our client, the world's largest oil & gas company, is looking for an Information Security Monitoring (L1/L2) Analyst willing to work under the following conditions:

The following are the T&C for the role:

Work Location: Doha, Qatar

Type of Assignment: Contract

Contract Duration: 1 year

Status: Shifts on a 24x7 basis. Each shift is 8 hours

Housing allowances: Provided

Transportation allowances: Provided

Mob/Demob Ticket: Provided

 Principal Accountabilities

  • Detect and respond to information security incidents leveraging tools and processes provided.
  • Provide direct communication to affected users in the event of security incidents.
  • Monitor, research, analyze and understand log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems in search of indicators of compromise.
  • Perform analysis and technical reviews of vulnerability assessments on all systems, applications and interfaces using detection/ prevention tools and threat intelligence data.
  • Research/Deep Dive into activity logs and security events detected by a SIEM to identify potential exploitation methods and record activities within operational management systems (e.g., ticketing systems).
  • Provide analytical support to Tier 3 activities and mitigation suggestions in the context of a security incident.
  • Generate reports per shift based on defined KPIs and shift's activities.
  • Validate and report efficacy of SIEM rules and provide input on tuning and optimization of security systems.
  • Remain current with emerging security threats including applicable regulatory security requirements.

 

QUALIFICATIONS / KNOWLEDGE / SKILLS / EXPERIENCE

  • Bachelor’s degree in information security, computer science, or systems engineering
  • 5+ years' experience working in a large-scale IT environment with focus on Information Security, and knowledge of Operational Technology
  • 2+ years' operating experience in industry leading SIEM products
  • 1-3 years' previous Security Operations Centre experience in conducting security investigations
  • Good knowledge of IT including multiple operating systems and system administration skills (Windows, Unix)
  • Good knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products
  • Strong understanding of security incident management, malware management processes
  • Experience with web content filtering technology - policy engineering and troubleshooting
  • Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP
  • Knowledge of security best practices and concepts, Vulnerability Assessment & Penetration Testing
  • Demonstrated ability to analyze, triage and remediate security incidents;
  • Demonstrate knowledge of Cyber Security principles, techniques and technologies such as SANS Critical Security Controls and OWASP;
  • Demonstrated knowledge of security related technologies and their functions (IDS, IPS, FW, WAF, SIEM and the like);
  • Certification in at least one industry leading SIEM product
  • Possession of Industry Certifications (OSCP, OCSE preferred, GCIH, SANS ICS, GCIA, Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC), Certified Ethical Hacker (CEH), (CISSP), CHFI, SANS Cyber Threat Hunting, SANS GREM, SIEM/security tool equivalent technical certification).

 

If this offer is of interest to you, kindly apply.