Responsible to triage cyber security incidents as a member of Security Operations Center incident responders’ team first line.
- Continuously monitors the operating systems alert queue; triages security alerts; monitors health of operating systems security sensors and endpoints; collects data and context necessary to escalate to Tier 2 Analyst.
- Continuously monitoring the operating systems alert queue using multiple tools, such as SIEM, EDR and custom-built system monitoring tools;
- Continuously monitors health of operating systems security sensors;
- Conduction initial triage of alerts to identify potential, false positives, policy violations, intrusion attempts and compromises on the system level;
- Consolidating data from alert triage to provide context necessary to escalate to Tier 2 Analyst;
- Escalate to Tier 2 Analyst with all necessary data for deeper analysis and review.
- Must be available locally within Qatar and should be able to provide NOC transfer
- Knowledge about MS Windows and UNIX based systems
- Knowledge TCP/IP version 4 and version 6
- Security Event and Incident Monitoring System (SIEM), Orchestration tool and playbook response concept, Endpoint Detection and Response tool (EDR), Anti-malware systems, Intrusion Detection and Prevention Systems, Firewalls.
Required industry certificates:
- Comp TIA CySA+ certificate – Cyber Security Analyst Certification – in good standing
Incident Response Fundamentals certificate – in good standing
Recommended industry certificates:
- Analyst/Administrator for any SIEM solution industry leaders
- Some of SANS, GIAC, ISACA, (ISC)2 certificates or trainings