Cybersecurity Expert

Job Overview:

The Cybersecurity Specialist plays a vital role in the proactive monitoring, detection, analysis, and response to security incidents within IT infrastructure.

Responsibilities:

• Security Monitoring and Analysis:
  • Monitor security alerts and events from various security tools (SIEM, IDS/IPS, firewalls, endpoint security, etc.).
  • Analyze security logs and network traffic to identify potential security incidents and anomalies.
  • Perform initial triage and analysis of security events to determine their validity, scope, and severity.
  • Correlate security events from multiple sources to identify complex attack patterns.
• Incident Response:
  • Follow established incident response procedures to contain, eradicate, and recover from security incidents.
  • Conduct initial and in-depth technical investigations of security incidents.
  • Document all findings, actions taken, and communications related to security incidents.
  • Escalate complex or high-severity incidents to other relevant teams as necessary.
  • Assist in the development and refinement of incident response playbooks.
• Threat Intelligence:
  • Stay up-to-date on current security threats, vulnerabilities, and attack techniques.
  • Utilize threat intelligence platforms and feeds to enhance detection and response capabilities.
  • Contribute to the development of threat profiles and indicators of compromise (IOCs).
• Security Tooling and Technologies:
  • Utilize and maintain various security tools and technologies, including SIEM, IDS/IPS, EDR, vulnerability scanners, and ticketing systems.
  • Contribute to the configuration, tuning, and optimization of security monitoring tools.
  • Troubleshoot issues related to security tools and escalate as needed.
• Reporting and Documentation:
  • Prepare clear and concise reports on security events, incidents, and trends.
  • Maintain accurate and up-to-date documentation of security processes and procedures.
• Collaboration and Communication:
  • Effectively communicate security-related information to both technical and non-technical audiences.
  • Collaborate with other security teams, IT departments, and business units on security matters.
  • Participate in knowledge-sharing activities within the SOC team.
• Continuous Improvement:
  • Identify areas for improvement in security monitoring, detection, and response processes.
  • Contribute to the development and implementation of new security rules and alerts.
  • Participate in security training and professional development activities.

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
• Minimum of 3 years of experience working in a Security Operations Center (SOC) environment.
• Strong understanding of security principles, common attack vectors, and mitigation techniques.
• Experience with security monitoring tools and technologies (e.g., SIEM platforms like Splunk; IDS/IPS systems; EDR solutions).
• Experience with log analysis and correlation.
• Basic scripting skills (e.g., Python, PowerShell) are a plus.
• Ability to prioritize tasks and manage time effectively.
• Relevant security certifications such as CompTIA Security+, CySA+, CEH, GCIH, or equivalent.
• Knowledge of cloud security concepts and platforms (e.g., AWS, Azure, GCP).
• Experience with vulnerability management processes and tools.
• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001).
• Experience with security automation and orchestration (SOAR) platforms.