● Hiring company: SITA
● Company profile: Through the world's most extensive network, we deliver and manage complex business solutions for air transport, global distribution system and government customers. Our unique industry knowledge comes from our understanding of customer problems across geographies, languages and cultures. We work with industry bodies to provide a broad range of communications and IT services to the air transport industry (ATI).
● Position: Team Lead, Service Operations ● Employment type: Full-time ● Salary: $50,000+
● Responsibilities: - Monitoring security log sources and alerts from the SIEM and other threat detection systems for threat activity; interpreting and analyzing them and making recommendations for resolution.
- Hunting for potential internal and external threats and developing detection mechanisms and reports.
- Handling security incidents in line with the incident response processes.
- Ensuring prompt and adequate follow-up on priority action items with resolver groups.
- Producing security incident reports and recommendations.
- Following, maintaining and helping to evolve the SOC processes and procedures, including use cases, SOPs, etc.
- Working with resolver groups to evaluate and recommend new security practices and solutions.
- Providing security advice and promoting security awareness to other IT teams and clients.
- Actively improving our threat detection and team efficiency by acting on noise and false positives.
- Helping produce threat intelligence and IoCs by leveraging threat information from past incidents, sandbox reports, malware reversing and data forensics.
● Requirements: - Significant experience working within a mature SOC organization or as a security threat analyst in an equivalent security environment.
- Experience leading SOC technical resources.
- Strong experience with SIEM technologies, endpoint protection, IDS and other security technologies (preferably the Elasticsearch / ELK stack).
- High level of analytical and problem-solving skills.
- Experience in information technology with Windows servers, Linux or networking.
- Excellent understanding of system and application logs from a variety of platforms, from firewalls and domain controllers to IDS, etc.
- Technical expertise in multiple security technologies is a must, as is extensive security incident handling experience.
- Good knowledge of threat intelligence data, IoCs, threat actors, the kill chain, STIX/TAXII, etc.
- Experience in the pen testing / ethical hacking field is a plus.
- Functional skills with regex, IDS signatures, SPL and SQL are a plus.
- Skills in network analysis, sandboxing, malware reversing or forensics are an asset.
- Experience with IT compliance assessments (ISO 27k, etc.).
- Proven knowledge of SIEMs and log collection systems (McAfee, ArcSight, Splunk, Elastic, AlienVault, QRadar).