About the Client
Our Client is an internal IT service provider for a company operating in 220 countries.
About the Role
To support and develop IT components and tools within the organization’s security infrastructure and its associated services (Cyber Defense Center).
• Develop and support DoS protection infrastructure, capabilities and associated tooling
• Develop new SIEM use cases, support and maintain existing content
• Work with internal customers on SIEM on-boarding
• Correlate and coordinate events across all activities in above sections
• Provide RUN support for security technologies (Anti-DDoS, SIEM), handle incidents, perform changes, etc.
• Reactive assistance in root cause analysis
• Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues
• Follow pre-agreed work procedures and apply pre-approved changes to prevent damage and mitigate outage risks
• Provide security incident reports to customers and management
• Lead by setting a good example (role model) – behavior consistent with words
• Provide status reporting of team activities against the program plan or schedule
• Provide guidance to the team based on management direction
• In depth understanding of IP network security including Firewalls, common network and application protocols including the OSI Model, Switching, Routing, TCP/IP, ACLs, NAT, OSPF, BGP, QoS, VOIP, TLS/SSL, HTTP, 802.11, H.323, SIP, SNMP, load-balancing, SFTP and DNS required.
• Hands-on experience with troubleshooting complex network problems including internet routing issues
• Experience designing and supporting DoS protection deployments and measures
• Hands-on experience with DoS/DDoS detection, analysis and mitigation
• In-depth understanding of DDoS attacks at all layers and the mitigation solutions for each of them
• Fluent Linux administration
• Basic scripting (BASH, Python...)
• Experience using at least one SIEM technology (ArcSight, QRadar…)
• Experience with development of SIEM content
• Good understanding of security technologies (Antivirus, Firewall, IPS...)
• Good overview of Information Security topics (encryption, authentication, vulnerability management etc.)
• Good written and spoken English
• Decision-making skills
• Experience in Information Security field
Nice to Have Skills
• Good knowledge of at least one IPS technology (Snort, CheckPoint, etc.)
• Penetration testing and forensics skills