POSITION SUMMARY:
The Analyst, Cyber Security Operations executes daily operational procedures as part of their routine tasks and responsibilities.
He / she carries out the detailed, repeatable execution of all security operational tasks as described in the Cyber Security Operations Center processes, procedures and playbooks.
He / she is responsible for monitoring the Security Operations Center main channel for security events and responding accordingly.
He / she maintains the group email address and distribution lists, answers the Security Operations Center main phone lines, and updates all relevant documentation such as shift logs and tickets.
PRIMARY RESPONSIBILITIES:
1. Rapidly identifies, categorizes, prioritizes and investigates events as the initial cyber event detection group for the Melco group, using all available Security Operations Center log sources, including but not limited to:
a. Firewalls
b. Systems and Network Devices
c. Web Proxies
d. Intrusion Detection/Prevention Systems
e. Antivirus Systems
2. Monitors incoming event queues and active channels for security incidents using the SIEM tool, per operational procedures.
3. Performs initial investigation and triage of potential incidents, and responds accordingly.
4. Uses available Cyber Security Operations Center tools for historical analysis of detected events as necessary.
5. Monitors the ticket and email queues for potential events reported by outside entities and users.
6. Maintains Security Operations Center shift logs with relevant activity from the shift.
7. Documents investigation results and ensures relevant details are passed to Level 2 for further analysis and action.
8. Updates and references the Security Operations Center collaboration tool as necessary for changes to Security Operations Center processes and procedures, and reviews the Security Operations Center daily intelligence reports and previous shift logs.
9. Conducts security research and intelligence gathering on emerging threats and exploits.
10. Performs additional auxiliary responsibilities as outlined in the Console Monitoring Procedure.
11. Serves as a backup analyst for any potential coverage gaps to ensure business continuity.
QUALIFICATIONS:
I. Experience
2 to 3 years of IT experience.
II. Education
BS in Computer Science, IS, or a related field, or three years of equivalent experience.
III. Skills / Competencies
1. Understanding of TCP/IP, UDP, DNS, FTP, NetBIOS, and other protocols.
2. Understanding of network analysis and NetFlow analysis, and ability to use network sniffing tools.
3. Understanding of log analysis tools (LogLogic, Splunk, or similar).
4. Understanding of Linux, UNIX and Windows.
5. Understanding of or experience with Security Information and Event Management (SIEM) tools.
6. Understanding of exploits and vulnerabilities.
7. Understanding of incident response processes and phases.
8. Understanding of malware and its eradication.
9. Understanding of basic network services, their vulnerabilities and their attack surface.
10. Capacity to work independently and in a team environment, with proven leadership ability and project management skills.
11. Excellent analytical skills and the ability to multi-task.
12. Ability to understand the relationship between business processes and priorities, their underlying technologies, and the associated security risks.
13. Ability to keep pace with a fast-moving, growing company.
14. Ability to maintain discretion.
IV. Other Attributes
1. Analytical and detail-oriented; must have passion and initiative.
2. Strong written and verbal communication skills, with good listening and presentation skills.
3. Independent thinker and self-starter who can still work well within a team environment.
4. Follow-up and attention to detail, with great customer service skills.
5. Displays a high commitment to delivering results
6. Works well with others
7. Achieves agreed objectives and accepts accountability for results
8. Displays the highest level of integrity