Security Operations Stream
Deliver MSS services adhering to processes and procedures
SOC incident handling and investigation using SIEM technologies (LogRhythm, Splunk, ArcSight, AlienVault) for Logicalis MSS customers.
Manage, maintain and operate Cisco AMP for Endpoint, Cisco Umbrella
Manage, maintain and operate Firemon to help our customers optimize their firewalls.
Analyze security incidents to determine root cause and provide mitigation plans to MSS customers per SLA
Work with regional security teams in resolving incident tickets by delivering remote support.
Manage, maintain and operate vulnerability assessment tools, viz. Tenable Nessus, for MSS customers, and provide assessment reports including mitigation plans to close vulnerabilities.
Deliver vulnerability assessments with detailed reporting and present vulnerability prioritization to the customer.
Work closely with presales/sales in deploying Logicalis MSS solutions; execute Proofs-of-Concept of MSS service offerings for potential customers.
Provide out-of-hours support on a rota basis as required.
Stay up to date with the latest developments in cybersecurity (breaches, threat surface and vectors, vulnerabilities, etc.) to develop the Threat Intelligence feed.
Requirements
In-depth understanding of concepts viz. SIEM/UEBA, Vulnerability Assessment, Penetration Testing, ISO27001, Threat Protection and Data Protection.
Strong hands-on experience in SIEM technologies viz. Splunk, McAfee, ArcSight, AlienVault, LogRhythm and similar.
Experience in deploying and managing Cisco Umbrella and Cisco AMP for Endpoint solutions.
Experience working with Firemon and generating reports.
Excellent hands-on experience in SOC analysis, incident handling and investigation, and event correlation, aggregation and normalization to reduce false positives and keep SIEM technologies running efficiently.
Ability to develop Threat Intelligence and feed it into the SIEM platform.
Strong hands-on experience with vulnerability assessment technologies viz. Tenable, Rapid7.
Good understanding of Penetration Testing concepts and methodologies (white, black and grey box); strong hands-on experience with Metasploit or similar tools is an advantage.
Basic understanding of networking concepts and network security technologies (firewalls, proxies, IPS/IDS, etc.). CCNA is a plus.
Excellent English communication skills (verbal and written) combined with professional telephone manner.
Bachelor's degree in Computer Science/IT, Polytechnic Diploma with 3 years' experience, or 6 years' work experience in lieu of formal credentials.
At least 3 years' work experience in cybersecurity and related fields.
Knowledge of and certification in two or more of the following: Firewall, Content Filtering, Load Balancer, Web Proxy, IDS, IPS, Identity Management, Strong Authentication, Unix, Linux.
Proven Unix (Solaris, Linux, BSD) experience.
Experience with ISO27001:2013 and MAS TRMG standards is a plus.
Certified with one or more vendor-neutral certifications viz. CEH, CREST, GIAC.
Certified with one or more SIEM vendor certifications viz. Splunk, LogRhythm, ArcSight, AlienVault.
Outstanding track record of experience in a highly customer-service-driven role.
Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards
Strong commitment to personal and technical development
Strong sense of ownership when dealing with challenging situations
Frances Diana delos Santos, Manalo EA License No.: 02C3423 Personnel Registration No.: R1219552