Working collaboratively to detect and respond to information security incidents and vulnerabilities, maintaining and following procedures for security event alerting and security vulnerability reporting, and participating in security investigations and mitigations, the main duties will be:
· Perform tasks including monitoring, research, classification and analysis of security events that occur on the SIEM, network devices, servers and/or end-points (PCs). Should have familiarity with the principles of network, server and endpoint security, current threat and attack trends, and have working experience of security principles such as defence in depth and the causes of security events, as well as how to respond to security incidents and perform a root cause analysis properly.
· Accountable for managing security incidents, including Major Security Incidents, and coordinating the response with other teams. Activities include analysis and interpretation of security-related events, identifying trends and taking corrective action.
· Monitor and manage the SIEM platform (LogRhythm) used for event detection and alerting, by creating use cases and rules, and by periodically tuning rules and policies to reduce false positives.
· Manage small to medium sized projects or play a key role within a large project team.
· Technical Lead function for the Cyber Security team.
· Understand the Clariant framework and follow defined processes. Develop all the necessary documentation requirements and establish proper operations governance with all the other areas involved globally.

Skills Required
· Degree in Computer Science, Management Information Systems or similar IT degree field.
· Professional experience of 5 years (minimum) working and providing services in a SOC or Cyber Security area.
· Solid understanding of Linux and Windows operating systems, common networking protocols, vulnerability management and deep packet inspection technologies.
· At least 5 years’ experience in the following areas: Firewalls, SIEM (Security Information and Event Management), Web Proxy, Intrusion Detection (IDS), Intrusion Prevention (IPS), Data Loss Prevention (DLP), Antivirus, Data Center Security, Virtualization, Mobile security, Network and Data security.
· At least 3 years’ experience leading or driving the vulnerability management governance and its operations, running scans, preparing reports, following up with systems owners for remediations and escalations.
· Advanced knowledge of common system exploits, network attacks, phishing techniques and malware.
· Advanced knowledge of cloud environments and cloud security solutions.
· Extensive experience with the security incident management and response process.
· Security certifications such as CISSP, CCNA, Security+, MCITP/MCSE and ITIL Foundation certifications are a plus.
· Project Management experience and certification is a plus.
· Excellent spoken and written English (fluent).
· Experience working in a virtual, international and multicultural environment.
· Excellent communication, teamwork, accountability, problem solving and customer service skills.