About Ekkiden: International consulting group founded in 2019, Ekkiden fosters an ecosystem of passionate and committed consultants who lead organizational, operational, and technological transformation projects in IT/Digital, Industry/R&D, and Sustainability, for large enterprises and SMEs in France, Switzerland, Spain, and Germany.
About the job: Security Operations Analyst (SIEM Technologies) | United Nations International Computing Center in Valencia (UNICC)
100% remote | EMEA time zone
You will work under the supervision and guidance of the Head of Cyber Security Operations to provide front line support to UNICC Partners in the area of information/cyber security, risk management consulting, and security operations activities in collaboration with a team of information and cyber security experts.
Responsibilities:
1. In close collaboration, build, adjust and implement analytics and detection rules for SIEM, EDR and AV.
2. Under guidance, participate in cybersecurity architecture review of new or existing technical solutions and provide recommendations for improvement.
3. Contribute to the preparation of KPIs for cybersecurity operations capabilities.
4. Monitor and investigate alerts leveraging Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR).
5. Monitor and triage AWS security events and detections.
6. Monitor and investigate alerts leveraging EDR solutions.
7. Work with alerts from the CSOC Analysts to perform in-depth analysis and triage of network security threat activity based on computer and media events, malicious code analysis, and protocol analysis.
8. Review trouble tickets generated by CSOC Analyst(s).
9. Identify incident root cause and take proactive mitigation steps.
10. Assist with incident response efforts.
11. Work directly with cyber threat intelligence analysts to convert intelligence into useful detection rules.
12. Collaborate with the incident response team to rapidly build detection rules and signatures as needed, and maintain and improve existing detection rules.
13. Perform lessons learned activities.
14. Leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
15. Review and collect asset data (configs, running processes, etc.) on these systems for further investigation.
16. Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose.
17. Document actions in cases to effectively communicate information internally and to the client.
18. Determine and direct remediation and recovery efforts.
19. Provide other ad hoc support as required.
What we are looking for:
The resource MUST have the following skills and experience:
* Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols.
* Deep knowledge of Microsoft Security Tools (e.g.