Job description / Role
As a Security Analyst, you will primarily support day-to-day security operations and event investigation. Expertise in SIEM technologies, log management, incident management, antivirus and endpoint security is key to the role. This role reports to the Infrastructure Manager and interacts with the security operations teams (outsourced or in-house) and the infrastructure security team.
- Assemble and coordinate with technical teams and third-party vendors to resolve incidents as quickly and efficiently as possible.
- Assist in the response to security events and escalations, oversee the incident response procedure and the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
- Act as administrator and threat hunter for endpoint security technologies, e.g. antivirus, machine-learning-based detection, deception and email security protection.
- Maintain current knowledge of information security trends, threats & responses
- Adhere to and improve upon policies and procedures on incident management, malware analysis, forensic analysis and the use of information security tools and information.
- Provide SME guidance on incident analysis, root cause analysis and problem resolution and collate security incidents and event data to produce monthly exception and management reports.
- Perform normal and exceptional processing of user access and change requests, escalating such requests when appropriate.
- Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
- Work with users and technical staff including network engineers, system administrators, software developers to resolve security issues in a timely manner
- Research, recommend, evaluate, implement information security solutions that identify and/or protect against potential threats, & respond to security violations.
- Respond to emerging threats such as APT and other forms of targeted attacks, organized crime, etc.
- Implement and manage tools and technologies for indicators of compromise and other threat intelligence.
- Perform detailed forensic analysis of assets, including logs, malware samples, hard drive images, etc.
- Contain and stop incidents; research indicators of compromise (IOCs) and block them on endpoints and the network.
- Reconstruct events of a compromise by creating a timeline via correlation of forensic data.
- Analyze malware and other attacks to extract indicators of compromise.
- Communicate status of response, resolution and final root cause analysis to the appropriate stakeholders.
- Ensure that, where appropriate, all forensic investigations are recorded and tracked to meet audit and legal requirements.
- Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues.
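The timeline-reconstruction and IOC duties listed above (correlating forensic data from several sources, extracting indicators and matching them on endpoints and the network) as a worked example. This is an added illustration, not code from the posting or from IBM. Every log line, the host name WS-042, the hash, IP address and domain, and the assumed UTC+3 endpoint clock are constructed for the example; the essential step it shows is normalising each source's own time format to UTC before ordering, then pivoting from the first IOC hit to the surrounding events on the same host.

```python
"""Correlate forensic data from several sources into one UTC timeline and flag
indicator-of-compromise (IOC) hits.  Added example; all log lines, hosts,
hashes, IPs and domains are constructed (RFC 5737 ranges, .example TLD)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import re

# Constructed IOC set, as it might be extracted from a malware sample.
IOCS = {
    "sha256": {"d34db33f" * 8},
    "ip": {"203.0.113.45"},
    "domain": {"update-check.example"},
}

# Each source stamps time differently; normalising to UTC first is what makes
# cross-source ordering meaningful.  Endpoint clock assumed to be UTC+3.
HOST_LOCAL_TZ = timezone(timedelta(hours=3))

SYSMON = [  # constructed Sysmon-style ProcessCreate records, host-local time
    "2024-05-01 10:14:30 host=WS-042 ProcessCreate image=C:\\Windows\\System32\\notepad.exe sha256=" + "1111" * 16,
    "2024-05-01 10:15:02 host=WS-042 ProcessCreate image=C:\\Users\\a\\AppData\\Local\\Temp\\svc.exe sha256=" + "d34db33f" * 8,
]
PROXY = [  # constructed web-proxy records, epoch seconds (UTC)
    "1714547600 WS-042 GET http://www.example.org/ 198.51.100.7 200",
    "1714547710 WS-042 GET http://update-check.example/stage2 203.0.113.45 200",
]
DNS = [  # constructed resolver records, ISO 8601 with explicit offset
    "2024-05-01T07:15:05+00:00 WS-042 query update-check.example A",
]


@dataclass(order=True)
class Event:
    ts: datetime                 # always UTC-aware after parsing
    source: str
    host: str
    summary: str
    hits: tuple = field(default_factory=tuple, compare=False)


def match_iocs(fields):
    """Return the (type, value) pairs in `fields` that appear in the IOC set."""
    return tuple((t, v) for t, v in fields.items() if v in IOCS.get(t, ()))


def parse_sysmon(line):
    m = re.match(r"(\S+ \S+) host=(\S+) ProcessCreate image=(\S+) sha256=(\w+)", line)
    if not m:
        return None
    ts = (datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
          .replace(tzinfo=HOST_LOCAL_TZ).astimezone(timezone.utc))
    return Event(ts, "sysmon", m[2], f"ProcessCreate {m[3]}", match_iocs({"sha256": m[4]}))


def parse_proxy(line):
    epoch, host, method, url, ip, status = line.split()
    ts = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    domain = re.match(r"https?://([^/]+)", url)[1]
    return Event(ts, "proxy", host, f"{method} {url} -> {ip} {status}",
                 match_iocs({"ip": ip, "domain": domain}))


def parse_dns(line):
    iso, host, _, qname, qtype = line.split()
    ts = datetime.fromisoformat(iso).astimezone(timezone.utc)
    return Event(ts, "dns", host, f"DNS {qtype} {qname}", match_iocs({"domain": qname}))


def build_timeline():
    """Parse all sources, normalise to UTC and return events in time order."""
    events = ([parse_sysmon(l) for l in SYSMON] + [parse_proxy(l) for l in PROXY]
              + [parse_dns(l) for l in DNS])
    return sorted(e for e in events if e is not None)


def pivot(timeline, window=timedelta(minutes=1)):
    """From the earliest IOC hit, return every event on the same host within
    `window`; this correlation step turns isolated alerts into a narrative
    (process launch -> DNS lookup -> HTTP fetch from the C2 address)."""
    hits = [e for e in timeline if e.hits]
    if not hits:
        return []
    first = hits[0]
    return [e for e in timeline
            if e.host == first.host and abs(e.ts - first.ts) <= window]


if __name__ == "__main__":
    for e in pivot(build_timeline()):
        flag = " IOC:" + ",".join(v for _, v in e.hits) if e.hits else ""
        print(f"{e.ts:%Y-%m-%dT%H:%M:%SZ} {e.source:<6} {e.host} {e.summary}{flag}")
```

Run as a script it prints the four events within one minute of the first hit (the unrelated proxy request from two minutes earlier is dropped), with the matched indicator appended to each flagged line. In practice the parsers would be replaced by the SIEM's normalised export, but the two pitfalls the example guards against, mixed time zones and matching indicators field by field rather than by substring, remain.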
Required Technical and Professional Expertise
- 2-3 years of experience in Information Security, with at least 3 years of experience in security event analysis and incident response.
- At least 3 years of experience in network and endpoint infrastructure security technologies, specializing in log-monitoring product-based consulting, architecture and implementation.
Preferred Tech and Prof Experience
- Knowledge and experience in Enterprise Log Management (ELM) and SIEM tools and processes.
- Subject matter expertise in one or more of the following: IBM QRadar, ArcSight, LogLogic, RSA enVision, LogRhythm, Splunk and other similar products.
- Subject matter expertise in endpoint and deception technologies and email security.
- Ability to develop processes and procedures around SOC/SIEM operations.
- Familiarity with the following technologies: SIEM, Active Directory, Microsoft Windows, Linux, firewalls, network protocols, IDS/IPS, advanced malware protection.
- Experience in the identification, assessment, mitigation and management of information security risks and issues.
- Proven experience facilitating workshops, generating reports, preparing presentations and project management.
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Preferred Education: Master's Degree
Commissionable: No
Key Job Details
- Country: SA
- State: AR RIYAD
- City: RIYADH
- Category: Consultant
- Required Education: Bachelor's Degree
- Position Type: Early Professional
- Employment Type: Full-Time
- Contract Type: Regular
- Location: RIYADH, AR RIYAD SA
About the Company
For more than six decades, IBM Middle East & Pakistan has played a vital role in shaping the information technology landscape of the region. Today, IBM is part of the region's technological fabric, solving real-world business and societal challenges, through its offices in UAE, Saudi Arabia, Qatar, Kuwait and Pakistan, and also a diversity of centers across the region.
Within the region, IBM currently has groundbreaking initiatives in cloud computing, analytics, mobile, security, as well as nanotechnology, eGovernment, healthcare and many more, collaborating with leading educational institutes and governments. IBM supports hundreds of clients to drive transformation through technology, contributes to regional research & development programs and has an active Corporate Service Corps (CSC) program.
Reinvention is a keyword in the company's history and, today, IBM is much more than a "hardware, software, services" company. IBM is now emerging as a cognitive solutions and cloud platform company.