Cyber Security Project:
The project involves triaging alerts from security platforms (Taegis XDR, Microsoft Sentinal) and requires leveraging all available data sources, security tools and threat trends to assist with the creation of investigations, proposing customer actions & recommendations that optimize the monitoring capability. This project also requires providing support in multiple languages outlined below. The preferred countries for the multi-language support are APJ (India), EMEA (Cairo), AMER (Panama or Mexico), these are not mandated however would need a best cost location with the necessary technical and language skills. Respond to security incidents and threat analysis.
- Remediate high severity security incidents
- Lead & participate in threat hunting and threat intelligence activities
- Conduct advanced technical investigations for critical incidents paying attention to specific analysis and fast remediation advice with a focus on improving the customer security posture
- Conduct analysis of infected hosts or analyze network traffic to identify attacker activity
- Handle specific forensic and malware analysis, as well as complex log analysis requests
- Perform event correlation review through incoming data feeds, ticketing systems and security alert mechanisms
- Provide context on complex security incidents from Customer and other available resources, collect and assemble data, as well as contribute to technical reports
- Utilize in-depth technical knowledge to design procedures for the detection of threat actor’s behavior, as well as develop and implement standard technical procedures (runbooks) to be used by the Security Monitoring team for day-to-day operations
- Perform Event Stream tuning utilizing internal tools, metrics and experience involving key security concepts for systems efficiency
- Review security related events assess their risk and validity based on available network, endpoint, and global threat intelligence information
- Research and make recommendations for applying MITRE ATT&CK and NIST framework aligned strategies to the Customer’s environment
- Guide and mentor fresh Cyber Security L1 Analyst in triaging activities
- Accept work escalated by L1 Analysts for further analysis and reporting
- Be able to provide support in the following languages (English, German, French, Spanish, Portuguese). The resources need not be present in these countries but just be able to converse in these languages to provide support.
Technology in Scope
Essentials Skills (Must Have):
- Typically requires 5+ years of related experience in a professional role
- Certifications: One of these certifications CEH/CISSP/CySA+
- Experience with Microsoft, Carbon Black, Secureworks or Crowdstrike EDR/XDR toolsets
- Understanding of SIEM, Endpoint Security solutions, Linux and Windows operating systems, Honeypots, Sinkholes and Malware Sandbox Technologies
- Incident Response & Threat Hunting Understanding
- Understanding of threat intelligence and threat modeling concepts
- Experience in working with ticketing systems (ServiceNow is Preferred), escalations and crisis situations and continual service /operational improvement
- Advanced knowledge of cybersecurity components, principles, practices, and procedures
- Understanding of computer network exploitation (CNE) and computer network defense (CND) concepts
- Ability to research about targeted threat groups and their tactics, techniques and procedures (TTP)
- Understanding of vulnerability and exploit analysis
- Experience in conducting network traffic analysis and the detection of malicious code on endpoint systems
- In-depth understanding about Windows and Linux System internals (process tree, event IDs, registry, scheduled tasks, etc)
- Ability to clearly communicate technical observations to a variety of audiences, and strong written and verbal presentation skills
- Organizational awareness – understanding of organizational dynamics and the interactions among different stakeholders
- Eager to embrace new challenges and start new projects
- Possess high standard of integrity and confidentiality
- Strong sense of tolerance of change, uncertainty and urgency, and the ability to work under pressure
- Flexible to support team during Public Holidays either in shift or On Call support
- Experience with collaborating with the Incident Response team for major incidents
- Experience with creating rules for noise reduction (suppression, whitelisting, custom rules)
Preferred (Good to Have):
- Multiple security certifications from the following:
SANS GCIA, GCIH
CCNA, CCIE, NGFW Specialization
GREM, GCFE, OSCP (Threat Hunting specialist)
Industry certification from vendors: ISC2, GIAC, EC-Council, Cisco, Juniper, CompTIA, ITIL, Unix, Microsoft, Oracle, etc.
- Experience performing root cause analysis for major incidents (ex Ransomware)
- Solid knowledge of Incident Response, Traffic and Malware Analysis, Forensics, Reverse Engineering and analysis of security and infrastructure logs
- Automation/Scripting/Programming experience
Dell’s Flexible & Hybrid Work Culture
At Dell Technologies, we believe our best work is done when flexibility is offered.
We know that freedom and flexibility are crucial to all our employees no matter where you are located and our flexible and hybrid work style allows team members to have the freedom to ideate, be innovative, and drive results their way. To learn more about our work culture, please visit our locations page.
$ads={1}