Sr Cyber Security Analyst

Sr Cyber Security Analyst

 Abu Dhabi, United Arab Emirates

 

Permanent

• Oversee the monitoring activities of Cyber security analysts.
• Validate the incidents categorized as false positives by Cyber security analysts.
• Triage the identified incidents and ensure that incidents are classified as per the criticality
• Liaise with Incident response team for coordinating the Incident response activities.
• Escalate the incidents within the defined SLA to Senior Manager – Cyber security center..
• Review collected evidence and conduct further investigation to identify the damage and impact caused by information security events and incidents
• Perform intrusion scope and root cause analysis
• Participate in  the development of an incident containment plan to limit incident damage
• Participate in systems backup and forensic image capture to ensure the affected systems state is captured as it is during the incident with the objective of performing forensics investigation at a later stage
• Redirect events to appropriate parties (according to playbooks and standard operation procedures) while providing necessary context and details
• Follow up on reported events / incidents up until closure and update ticket based on its status
• Participate in incident eradication and recovery activities to ensure compromised systems are no longer affected
• Identify existing eradication plan from existing documentation, or develop new one eradication plans
• Participate in incident recovery activities to ensure affected systems are fully operational
• Manage the proper turnover of security incidents and coordinate response efforts between the stakeholders involved in incident response activities
• Provide timely feedback to the SIEM content developers regarding false positive rate, false negative rate etc.
• Keep updated on the latest trends and threats in the Cyber world.
• Collect IOCs and other threat intel data and build logic within security tools to detect the presence of the IOCs in the organization.
• Collect Vulnerability details from the respective team and ensure that there is adequate monitoring on the exploitation of these vulnerabilities.
• Develop and maintain standard operating procedure (SOPs) and incident response playbooks based on identified incidents and develop incident eradication plans
• Participate in the development of incident reports and update of lessons learnt
• Identify and develop workflow automation to reduce response time and increase incident response procedures efficiency
• Assist in data recovery procedures
• Participate in testing, deploying, and administering the infrastructure required to provide appropriate incident response
• Participate in threat hunting activities