高級安全分析師（英國上市企業；具有SOC和MSS環境經驗）

<p><strong>Accountabilities:</strong></p><p>·Handle security incidents and provide level two (L2) support during analysis & investigations to identify the root cause.</p><p>·Critical incidents to CSIRT team, for further analysis & investigations, and demonstrate excellent collaboration skills for timely resolution to minimize impact to customers.</p><p>·Provide detailed remediation recommendation to customersfor the incidents within agreed SLAs, and if required assist them during remediation implementation.</p><p>·Go that extra mile to proactively work with customer to build threat detection use cases, minimize incident noise, develop correlation logic and enable junior regional analysts to focus on critical incidents.</p><p>·Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.</p><p>·Prepare SOC monthly reports, which includes customization based on business requirements and present them to customers during monthly meetings, highlighting risks and mitigation plans.</p><p>·Lead new customer deployments by working closely with customer, regional onsite teams and relevant stakeholders during build phase, and take end-end responsibility for smooth go-live.</p><p>·Identify gaps in existing SOC process and work with team members or other departments to create, modify standard operating procedures, to automate any mundane daily operational activities, ensuring Ops are run efficiently.</p><p>·Enable regional security analysts to deliver seamless L1 support locally by developing SOC playbooks, relevant and sufficient Knowledge base.</p><p>·If required assist sales team to help pitch MSS offerings, drive proof-of-concepts and demo MSS services at technology events, to show value of the service offerings to prospect customers.</p><p>·Lead and manage junior analysts in handling incidents, day-day operations, SLA requirements, and customer requests.</p><p></p><p><strong>Experience:</strong></p><p>·Candidate should have at least 8 years of experience working in SOC and MSS environments, with a Bachelor’s degree in Computer Science/IT/Information security.</p><p>·Excellent hands-on experience in implementations, incident analysis of IBM <strong><u>QRadar</u></strong>, Alienvault SIEM technologies and should hold relevant vendor certifications.</p><p>·Hands on experience on any Endpoint Protection (EPP) or Endpoint Detection Response (EDR) technologies. Preferred if CrowdStrike, Cisco AMP for endpoint.</p><p>·Hands on experience on email security solutions. Preferred if that is on Cisco Email Solutions.</p><p>·Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.</p><p>·Good understanding of WIN, LINUX environments and well versed with basic LINUX commands and troubleshooting, with a proven Unix (Solaris, Linux, BSD) experience.</p><p>·Knowledge on any shell scripting language, and to apply them to automate mundane operations tasks.</p><p>·Candidate should have at least one SANS certification. Preferred if that is GCIH</p><p>·Understanding of basic network concepts and advantage if exposure to cloud technologies.</p><p>·Thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards</p>