ENCODE is seeking SOC Analysts at different seniority levels who will join the team of an Encode client and act as the first line of response regarding the potential occurrence of a cyber-attack or security incident. These SOC Analysts will support a multinational organization with multiple European locations and a significant and challenging security infrastructure.
Ideal candidates will have over 2 years of experience with security incident handling and response tasks as well as hands-on experience with a SIEM solution. The Analyst should be competent to work at a high technical level, be a strong team player and be willing to follow applicable procedures while maintaining the flexibility to “think outside the box”.
Location: The role will be located in Luxembourg or Belgium.
Main Job Responsibilities:
- Perform tier 2 incident analysis and response for escalated incidents.
- Communicate with SOC management, senior SOC staff members and customers regarding investigations and status updates.
- Design, create and maintain custom SIEM content (creation, evaluation and tuning of rules, reports, dashboards, etc.).
- Design, create and maintain custom tools that support incident handling and response activities.
- End to end client integration with SOC for fresh installations and ad hoc scope expansions.
- SOC infrastructure design, implementation, maintenance and support.
- Manage system health and capacity utilizing monitoring tools.
- Define dashboards and reports for reporting on KPIs.
- On-call support during non-business hours may be requested.
- Provide support to incident responders.
- Improve correlation rules to ensure that the monitoring policy allows an efficient detection of potential incidents.
This high-energy SOC Analyst must have:
- 3+ years of Information Security with at least 2 years of experience in incident analysis and response activities (either as SOC Analyst or Incident Responder).
- Demonstrated experience in:
  - SIEM (HP Arcsight SIEM and/or IBM QRadar)
  - Log management solution (Arcsight Loggers and/or QRADAR and/or Splunk)
  - SNORT or SourceFire NGIPS, FireSIGHT (desired)
- Significant experience performing analysis of logs from a variety of sources.
- Experience with packet analysis (Wireshark) and malware analysis.
- Knowledge of current security trends, threats, and techniques.
- Experience with scripting (Perl, Python, or bash scripting).
- Excellent verbal and written communication skills (English).
- EU citizenship is mandatory.
- At least 1 certification in the field of incident handling:
  - GCIH (GIAC Certified Incident Handler)
  - GCIA (GIAC Certified Intrusion Analyst)
  - ECIH (EC-Council Certified Incident Handler)
  - CSIH (SEI Certified Computer Security Incident Handler)
  - SCPO (SABSA Certified Security Operations & Service Management Practitioner)
  - or an equivalent certification recognized internationally