Security Operations Analyst

Responsibilities:

• In close collaboration, build, adjust and implement analytics and detection rules for SIEM,
  EDR and AV
• Under guidance, participate in cybersecurity architecture review of new or existing
  technical solutions and provide recommendations for improvement
• Contribute to the preparation of KPIs for cybersecurity operations capabilities
  RFP Request
• Monitor and investigate alerts leveraging Microsoft Security Tools (e.g. M365, Cloud App
  Security, Azure, Defender for EndPoint, Azure Security, Azure Sentinel and XDR)
• Monitor and triage AWS security events and detections
• Monitor and investigate alerts leveraging EDR solutions
• Work with alerts from the CSOC Analysts, to perform in depth analysis and triage of
  network security threat activity based on computer and media events, malicious code
  analysis, and protocol analysis
• Review trouble tickets generated by CSOC Analyst(s)
• Identify incident root cause and take proactive mitigation steps
• Work directly with cyber threat intelligence analysts to convert intelligence into useful
  detection
• Perform lessons learned activities
  
• Leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected
  systems and the scope of the attack
  
• Review and collects asset data (configs, running processes, etc.) on these systems for
  further investigation
  
• Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose;
  
• Document actions in cases to effectively communicate information internally and to client
  
• Determine and direct remediation and recovery efforts
  
• Provide other ad hoc support as required

What we are looking for:

• Knowledge of Transmission Control Protocol / (TCP/IP) protocols
• Deep knowledge of Microsoft Security Tools (M365, Cloud App Security, Azure, Defender for Endpoints, Azure Security, Azure Sentinel and XDR)
  
• Deep Knowledge of Cloud technologies (Azure, AWS and GCP)
  
• Deep knowledge of SIEM tools like Splunk, QRadar, ArcSight, MS Sentinel, ELK Stack
  
• Knowledge of at least one EDR solution (MS Defender for Endpoint, Sentinelone,
  Crowdstrike)
  
• Knowledge of email security, network monitoring, and incident response
  
• Knowledge of Linux/Mac/Windows;
• Minimum of five 5 years of relevant experience
  
• Proven experience in reviewing raw log files, data correlation, and analysis (firewall,
  network flow, IDS, system logs)
• Fluent in English

We offer:

Join us at the right time to make your mark in a fast-growing organization

Various missions and projects that will allow you to have a real impact on the company

The ability to work autonomously and to drive new initiatives

A career path adapted to your personality, both in terms of role and location

A strong culture, based on sharing, respect, ambition, and team spirit

The opportunity to manage teams and develop your area of expertise by leading one of our squads

Develop your management and leadership skills , because, at Ekkiden , consultants look after the careers of other consultants. Gone are the days when your career was driven by a salesman !

H ealth insurance

Questions? Let's talk!