Job description / Role
At DarkMatter, we are building an organization of specialists to provide the ultimate integrated cyber security protection available. Whatever the scope, scale or sensitivity of our clients' work, we'll assess their risks, resolve their vulnerabilities and always keep them ahead of the threat, offering them the best possible products and solutions.
As a Principal SOC Security Analyst (III), you will:
- The Tier 3 Analysts are responsible for incident response activities and support, investigations and remediation activities of confirmed incidents, and to manage and mentor T1/T2 analysts. The responsibilities of a Tier 3 Analyst include:
- Validate the Incidents reported by Tier 1 and Tier 2 SOC analysts, and provide feedback, to include those within a physical security, IOT and SCADA environment.
- Conduct advanced analysis of threats related to the incident.
- Conduct Scope analysis and recommend containment actions for all confirmed incidents.
- Develop SOP to investigate alleged violation, or suspicious activity utilizing the available technology.
- Document and Publish IR Report for all incidents handled.
- Involve internal teams as necessary to identify Root Cause and remediate incidents.
- Client and Internal Reporting (Monthly and Quarterly Executive reports)
- Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action.
- Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence.
- Document original condition of digital and/or associated evidence (e.g., via digital photographs, written reports).
- Identify data or intelligence of evidentiary value to support counterintelligence and criminal investigations.
- Recommend computing environment vulnerability corrections.
- Monitor and analyze cyber threats intelligence feeds to determine anomalous activity, threat intelligence, correlations, and trends.
- Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
- Conduct tests of security controls in accordance with established Incident Response plans & procedures.
- Provide recommendations for device configuration to facilitate optimal performance.
To bring your dream to life, you'll need:
- 8+ years of hands on experience in Information Security domain.
- 4+ years of experience in IT/OT SOC environments.
- Direct Exposure to either two or more of the following technologies: Arcsight, Splunk, McAfee, Symantec, Tripwire, and Cisco.
- Must be currently working in a Security Operations Environment, preferably in a power plant environment.
- Experience working with ICS best practices and frameworks such as: ISA-99/IEC-62443, NERC CIP, NIST SP 800-82, etc.
- Experience working with security practices and technologies such as virtualization, vulnerability assessments, anti-virus, firewalls, patching and monitoring in ICS environments.
- Experience working with industrial protocols such as OPC. Modbus TCP, HART, etc.
Working in Abu Dhabi
At DarkMatter, we're turning our biggest ideas into reality in the fastest moving and most dynamic city on the planet. Working here, you'll lead technical innovation in the region while taking advantage of all Abu Dhabi has to offer. From first class healthcare and education, to superior living accommodations and cultural attractions, you'll find your ideal career and more in this global crossroads. The UAE is one of the safest and most secure areas in the world. And with its location between Europe, Africa and Asia, you'll expand your worldview in just a short flight. But you won't have to venture far from the city to experience its diversity. You'll find people of over 50 nationalities working in the DarkMatter Group. Join us and see that while far away from the concrete tech jungle, Abu Dhabi is an oasis where your latest innovations will thrive and grow.
About the Company
DarkMatter is transforming the cyber security landscape. Headquartered in the UAE and operating globally, we're the region's first and only fully integrated digital defence and cyber security consultancy and implementation firm. Our elite team of global experts deliver advanced, next-generation solutions to governments and enterprises across the cyber security spectrum.
We help clients simplify the enormous complexity of today's ever-evolving cyber threats. Our vision is to protect the future by securing its technologies. Innovation and Research are cornerstones to our development and the activities in these areas underpin our entire range of offerings, including Secure Communications, Public Key Infrastructure and Big Data & Analytics products.