Senior Cyber Security Analyst

Senior Cyber Security Analyst

 Abu Dhabi, NONE

 

Permanent

Role Purpose:
Reporting to the Senior Manager – Cyber Security Operations, the Senior Cyber Security Analyst assesses the damage and impact of information security events and incidents. This role involves developing and managing incident containment and recovery plans, ensuring proper and timely responses to incidents, and overseeing the activities of Cyber Security Analysts.

Key Accountabilities of the Role:

• Oversee the monitoring activities of Cyber Security Analysts.
• Validate incidents categorized as false positives by analysts.
• Triage identified incidents, ensuring classification according to criticality.
• Liaise with the Incident Response Team to coordinate incident response activities.
• Escalate incidents within defined SLAs to the Senior Manager – Cyber Security Center.
• Review collected evidence and conduct investigations to determine the damage and impact of incidents.
• Perform intrusion scope and root cause analysis.
• Participate in developing incident containment plans to limit damage.
• Assist in system backups and forensic image capture for later investigations.
• Redirect events to appropriate parties according to playbooks and standard operating procedures, providing necessary context.
• Follow up on reported events/incidents until closure and update tickets based on their status.
• Engage in incident eradication and recovery activities to ensure compromised systems are secured.
• Identify existing eradication plans or develop new ones based on documentation.
• Participate in incident recovery activities to restore affected systems to full operational status.
• Manage the turnover of security incidents and coordinate response efforts among stakeholders.
• Provide timely feedback to SIEM content developers regarding false positive and false negative rates.
• Stay updated on the latest trends and threats in the cybersecurity landscape.
• Collect Indicators of Compromise (IOCs) and threat intelligence data, building logic within security tools for detection.
• Collaborate with teams to monitor and manage vulnerabilities effectively.
• Develop and maintain standard operating procedures (SOPs) and incident response playbooks.
• Participate in the creation of incident reports and update lessons learned.
• Identify and develop workflow automation to enhance response times and efficiency.
• Assist in data recovery procedures.
• Participate in testing, deploying, and administering the infrastructure for effective incident response.
• Engage in threat hunting activities to proactively identify potential threats.