Responsibilities:
Management of incident activities.
Conduct technical assessments of computer-related security incidents, including malware analysis, packet-level analysis, and system-level forensic analysis.
Document initial analysis of malware and understand the process to follow in order to protect the organization from newly identified malware strains.
Have the ability to recognize when a security incident meets the appropriate criteria for escalation to a declared security incident.
Understand and demonstrate the ability to escalate appropriate security incidents to the correct level or external organization.
Monitoring, managing, and coordinating the information collection and cataloging of activities from a variety of public and private security-related information sources.
Work as a team with the other members and the internal ICT team.
Coordination of incident response activities (escalations, notifications, conference calls, etc.).
Assess severity levels of security threats (e.g., incidents, vulnerabilities, malicious code) and coordinate the appropriate notifications or escalations in a timely manner.
Good computer security incident handling and analytical skills.
Communicate the impact and nature of incidents in terms of business operational continuity.
Level 2 analysts must be able to demonstrate advanced knowledge of networking and of the Windows and Unix operating systems.
Have a general understanding of routing and infrastructure protocols and hardware.
Be able to read and interpret the effects of network access control lists (ACLs) on various application protocols.
Be familiar with modern distributed authentication systems (Kerberos, RADIUS, TACACS, X.509) and be able to observe and interpret authentication sessions in these protocols.
Be familiar with fundamental internet architecture concepts, such as BGP autonomous systems.
Understand the functions and configuration of the organization's security controls.
Be familiar with the construction of the log correlation rules that drive the organization's workflow: which events they correlate together, and the threshold and threading settings used.
Be able to describe the general configurations of our security controls, and why those configurations were chosen.
Lucidly communicate change recommendations for those controls, and detail the business risks and technical impact of those requests for configuration changes.
Be able to communicate the general architecture and workflow of the organization's incident management process, including all components and general dataflow.
Have an advanced understanding of TCP/IP protocol internals (RWIN, TTL, flags, fragmentation).
Be able to perform general packet analysis to extract content and context from traffic dumps.
Be able to read content streams from all major content and command protocols, and interpret the activities seen therein.
Have an advanced understanding of how to use network capture and analysis tools such as Snort, Suricata, Wireshark, and tcpdump. L2s should be able to reconstruct sessions, retrieve files from network captures, and demonstrate the ability to use network captures in forensic investigations.
Be able to generate advanced portscans and interpret the results.
Keep up with popular internet culture to be able to recognize additional context in information discovered during investigations.
Confidently operate all common remote administration mechanisms and tools.
Be able to locate system and application logs for all major operating systems and versions.
Qualifications:
Bachelor's degree in Cyber Security, Electrical Engineering, Computer Science, Information Technology, or a related field.
3-5 years of experience in Infosec or Cyber Security within the Financial Services Sector.
Certifications in any of Network+, Security+, CySA+, GSEC, CEH, CISA, CISM, or any other information security related course will be an added advantage.
Hands-on knowledge of common SIEM solutions, alerts, and management.
Knowledge of common network protocols such as TCP/IP, HTTP, DNS, etc.
Experience with Microsoft Windows and UNIX operating systems is required.
Knowledge and/or experience with common security tools and solutions such as anti-virus, intrusion prevention systems, and firewalls is an added advantage.
Knowledge and/or experience with Oracle, MS SQL, MySQL, etc.
Good communication and presentation skills.
Enthusiasm, curiosity, thirst for knowledge, and passion for the job are required.
Analytical thinker, customer-focused, and a team player.