SOC Analyst Tier 2 - Banking
Job details
Position: SOC Analyst Tier 2 - Banking
Department: Security Operations Center\Information Security
Reports To: SOC Manager
Location: Head Office\Remote

**Job Purpose**:
Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within bank environments for the purpose of mitigating threats.

**Duties & Responsibilities**:
- Work closely with IT admins to minimize false positives from the security tools.
- Full root cause analysis and level 1 incident investigation.
- Provide incident response actions and remediation recommendations.
- Full incident management and incident resolution.
- Threat intelligence and ongoing information gathering.
- Security event trend analysis.
- Leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
- Create knowledge base articles with incident details along with the resolution, which serve as a reference for the SOC team in case the same or a similar incident recurs in future.
- Track, analyse and understand the characteristics of the latest threats, malware and vulnerability information, and assess their applicability to the environment.
- Translate detection logic into implementation by configuring resources such as rules, reports, dashboards and filters in SOC monitoring tools to detect threats or anomalies.
- Create and maintain the alerts/dashboards/reports inventory document.
- Analyse and investigate the alerts in SOC monitoring tools to report any abnormal behaviours, suspicious activities, traffic anomalies, etc.
- Develop and configure use cases in SOC monitoring tools to detect and alert on non-compliance status and support the threat detection guidelines set by the IT security team.
- Ensure that security-significant logs are available in SOC monitoring tools for analysis and investigation.

**Internal Contacts**: Information Technology sector, end users
**External Contacts**: Central Bank of Egypt (CBE)

**Requirements**:

Qualifications:
- Holds a Bachelor's degree in Engineering, Computer Science, Cyber Security or any related field; Information Technology Institute (ITI) graduates preferably majoring in Security Operations.
- Holds at least one of the following SANS certifications:
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Certified Intrusion Analyst (GCIA)
- Or equivalent EC-Council certificates such as:
  - Certified Ethical Hacker (C|EH)
  - Computer Hacking Forensic Investigator (CHFI)
  - Certified Incident Handler (ECIH)
- Preferably holds one of the following certifications: CCNA Security, Security+

Language: Arabic, English

Experience:
- At least 3 - 5 years' professional IT experience or experience working in a Security Operations Center (SOC).
- Incident management and response.
- Advanced experience in security device management and SIEM.
- Knowledge of security scans.
- Good analytical, problem-solving and interpersonal skills.
- Knowledge of security concepts such as cyber-attacks and techniques, and threat vectors.

Needed Skills & Knowledge:

Ability to:
- Analyze malware.
- Conduct vulnerability scans and recognize vulnerabilities in security systems.
- Accurately and completely source all data used in intelligence, assessment and/or planning products.
- Interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute).

Knowledge of:
- Computer networking concepts and protocols, and network security methodologies.
- Risk management processes (e.g., methods for assessing and mitigating risk).
- Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Cybersecurity and privacy principles.
- Cyber threats and vulnerabilities.
- Specific operational impacts of cybersecurity lapses.
- Authentication, authorization, and access control methods.
- Cyber defense and vulnerability assessment tools and their capabilities.
- Computer algorithms.
- Encryption algorithms.
- Cryptography and cryptographic key management concepts.
- Database systems.
- Host/network access control mechanisms (e.g., access control lists, capability lists).
- Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Incident response and handling methodologies.
- Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Intrusion detection methodologies and techniques for detecting host- and network-based intrusions.
- Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Network access, identity, and access management (e.g., public key infrastructure, OAuth, SAML).
- Network traffic analysis methods.
- New and emerging information technology (IT) and cybersecurity technologies.
- Operating systems.
- Traffic flows across the network (e.g., Transmission Control Protocol (TCP) and Internet Protocol (IP), Open System Interconnection Model (OSI), Information Technology Infrastructure Library, current version (ITIL)).
- Policy-based and risk adap