Job Description
• Provide recommendations and implement changes to optimize ArcSight and Splunk SIEM products in the customer environment.
• Perform health checks and configure rules, reports, dashboards, data monitoring, etc.
• ArcSight administration, including creation and management of custom connectors, correlations and alerts. Must have experience with FlexConnectors and content development, plus some scripting experience.
• Identify potential threats and malicious behavior in security logs; develop methods to improve monitoring capabilities and build new use cases.
• Develop content for a complex and growing ArcSight infrastructure, including use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists. Optimize data flow using aggregation, filters, etc.
• Participate in the operation of ArcSight Security Information and Event Management systems, including ArcSight ESM, Connector appliances/SmartConnectors, and Logger appliances.
• Must have demonstrated ability to tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors.
• Must have experience maintaining an event schema with customized security severity criteria.
• Should have at least 3 years of experience in cyber threat intelligence services and DFIR investigations.
• Provide expert analysis on strategic threats, threat actors, and Advanced Persistent Threat groups.
• Perform analytic support focused on cyber actor TTPs, doctrine, policies, strategies, capabilities, and intent to conduct cyberspace operations, and on cyber-oriented groups, individuals, organizations, tools, tactics, and procedures.
• Collects raw data from intelligence feeds, open sources, partner groups, and internally-aligned cybersecurity elements as part of an all-source intelligence effort.
• Hunt for and discover previously unidentified and emerging threats, and understand new adversary TTPs.
• Collect and document threat indicators from internal and external sources.
• Validate the quality of threat indicators, including IoCs and IoAs.
• Curate the collected indicators to ensure proper aging out of indicators.
• Ability to conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations
• Perform incident triage and handling by determining scope, urgency and potential impact, then identifying the specific vulnerability and recommending actions for expeditious remediation.
• Coordinate with and act as subject matter expert to resolve incidents by working with other information security specialists and IT contacts to correlate threat assessment data.
• Perform forensic analysis of Windows and Unix systems to identify compromise artifacts.
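The indicator-curation duties above (validating IoC quality, de-duplicating what different feeds report, and aging out indicators that have not been seen recently) are the kind of thing an analyst in this role ends up scripting. The example below is an added illustration, not code from the job posting or from the hiring company: it takes a constructed feed of (value, type, source, last_seen) tuples, rejects malformed values, flags noise that would only generate false positives (RFC 1918 and similar address space, the well-known digests of the empty file), merges duplicate sightings before applying the retention window, and returns what should stay on the watchlist. The feed contents, the noise list and the 60-day window are assumptions for the demonstration.

```python
import ipaddress
import re
from datetime import date, timedelta

# Hex-digest patterns for the hash types a feed may carry (values are lower-cased first).
HASH_RE = {
    "md5": re.compile(r"^[0-9a-f]{32}$"),
    "sha1": re.compile(r"^[0-9a-f]{40}$"),
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)((?!-)[a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")

# Digests of the empty file: a classic feed artefact that matches thousands of benign hosts.
BENIGN_HASHES = {
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

# Address space that never belongs on an external-threat watchlist: RFC 1918, loopback,
# link-local, CGNAT, multicast, broadcast. Documentation ranges (TEST-NET) are deliberately
# left out so the constructed sample below can use one. This list is an assumption.
NOISE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32",
)]


def normalize(value, itype):
    """Canonical form so that case or trailing-dot variants dedupe to one record."""
    v = value.strip().lower()
    return v.rstrip(".") if itype == "domain" else v


def classify(value, itype):
    """Return 'ok', 'malformed' or 'noise' for one normalized indicator."""
    if itype == "ipv4":
        try:
            ip = ipaddress.IPv4Address(value)
        except ipaddress.AddressValueError:
            return "malformed"
        return "noise" if any(ip in net for net in NOISE_NETS) else "ok"
    if itype == "domain":
        return "ok" if DOMAIN_RE.match(value) else "malformed"
    if itype in HASH_RE:
        if not HASH_RE[itype].match(value):
            return "malformed"
        return "noise" if value in BENIGN_HASHES else "ok"
    return "malformed"


def curate(feed, today, max_age_days=90):
    """Validate, deduplicate and age out (value, type, source, last_seen) tuples.

    Returns (active, rejected): active maps (type, value) to a merged record; rejected
    lists (value, reason) pairs for everything dropped.
    """
    cutoff = today - timedelta(days=max_age_days)
    merged, rejected = {}, []
    for raw, itype, source, last_seen in feed:
        value = normalize(raw, itype)
        verdict = classify(value, itype)
        if verdict != "ok":
            rejected.append((value, verdict))
            continue
        rec = merged.setdefault((itype, value), {
            "value": value, "type": itype, "sources": set(), "last_seen": date.min,
        })
        rec["sources"].add(source)
        rec["last_seen"] = max(rec["last_seen"], date.fromisoformat(last_seen))
    # Age out only after merging, so a fresher sighting from a second source keeps an
    # indicator alive instead of letting the oldest copy expire it.
    active = {}
    for key, rec in merged.items():
        if rec["last_seen"] < cutoff:
            rejected.append((rec["value"], "aged_out"))
        else:
            active[key] = rec
    return active, rejected


# Constructed sample feed (not real IoCs: a TEST-NET-2 address and .test/.example names).
SAMPLE_FEED = [
    ("198.51.100.23", "ipv4", "partner-feed", "2024-03-01"),
    ("10.0.0.5", "ipv4", "internal-hunt", "2024-03-10"),             # RFC 1918: noise
    ("evil-example.test", "domain", "osint", "2024-01-02"),          # old copy ...
    ("EVIL-EXAMPLE.test.", "domain", "partner-feed", "2024-03-05"),  # ... same domain, fresh
    ("d41d8cd98f00b204e9800998ecf8427e", "md5", "osint", "2024-03-08"),  # empty-file MD5
    ("not-a-hash", "sha256", "osint", "2024-03-08"),                 # malformed
    ("stale.example", "domain", "osint", "2023-11-20"),              # past the retention window
]


def run_sample(today=date(2024, 3, 15), max_age_days=60):
    """Curate the constructed feed as of a fixed date so the result is reproducible."""
    return curate(SAMPLE_FEED, today, max_age_days)


if __name__ == "__main__":
    active, rejected = run_sample()
    for rec in active.values():
        print("KEEP", rec["type"], rec["value"], sorted(rec["sources"]), rec["last_seen"])
    for value, reason in rejected:
        print("DROP", reason, value)
```

The order of operations matters: if the retention window were applied per row, the January copy of `evil-example.test` would be expired before the March sighting from the second source was seen. Merging first and aging out afterwards keeps the indicator and records both sources, which is also what an analyst wants when deciding how much confidence to assign it.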
Skills
• Hands-on experience.
• Security certifications: SANS GIAC (GREM, GCFA, GCIH, GNFA), CISSP or other security-related certifications.
• Conduct network monitoring and intrusion detection analysis using Security Information and Event Management (SIEM) systems and various computer network defense (CND) tools, such as intrusion detection/prevention systems (IDS/IPS), firewalls, host-based security systems (HBSS), and other similar tools.
• Be a self-starter, work independently and adjust to changing priorities.
• Strong verbal presentation and writing skills, including the demonstrated ability to write clear and concise text.
• Excellent analytical abilities and a strong ability to think creatively when approaching issues.
Job Details
Job location: Dubai, United Arab Emirates
Company industry: Information Technology
Company type: Employer (private sector)
Job role: Information Technology
Employment type: Full time
Monthly salary: Unspecified
Number of vacancies: Unspecified
Preferred Candidate
Career level: Mid-career
Years of experience: Minimum 7, Maximum 12
https://www.bayt.com/ar/uae/jobs/senior-security-analyst-siem-3886252/