SENIOR SOC ANALYST

Descrição da empresa Alter Solutions Portugal is an IT Consultancy Company, promoter of Digital Transformation, part of the Alter Solutions Group, created in , in Paris.
In , Alter Solutions joined the act digital group, constituting a global community of talent in Technology, with presence in twelve countries.
Germany, Belgium, Brazil, Canada, United States of America, Morocco, Spain, France, Luxembourg, Poland, Portugal and Serbia.
Also in , we were certified as a Great Place to Work©.
In Portugal, we partner with over 120 clients and a team of over 500 people, working in projects for industries as diverse as banking, insurance, transportation, aviation, energy, and telecom.
Headquarters of the Nearshore IT center, Alter Solutions Portugal has a dedicated team of around 30 specialized professionals, integrated into projects with several internationally renowned clients Descrição do emprego The main activities are the ones below.
Detection, categorization and investigation of infrastructure, applications and security incidents Vulnerability management on critical vulnerabilities (handling, categorization and follow-up)  Leading incident response plans  Follow-up of remediation plans  Implementation of detection scenarios and treatment of associated alerts  The L2 SOC Analyst is responsible for monitoring and analyzing the organization’s networks and systems on a daily basis to detect, identify, investigate, and mitigate potential threats.
They must be able to identify anomalous behavior, recognize patterns of malicious activity, and take appropriate corrective action.
In addition to their daily duties, the L2 SOC Analyst will provide recommendations for improving security posture and assist with incident response plans, policies, and procedures.
Some additional responsibilities may include recommending tools or solutions, participating in audit activities, providing reporting on security events/incidents and collaborating with other teams across the organization.
Main Tasks and Responsabilities.
The candidate will have 3 main missions.
1) Analysis.
Participation in improving correlation and log analysis rules   Conduct investigations and research including statistics   Interpret or perform first level (Sandbox or manual) minimum scans on malicious codes  Improve our Threat Intelligence activity    2) Handling incidents.
Creating, and managing service requests via our ticketing tools (ServiceSnow / SecOps / TheHive)  Qualify and analyze these elements to determine the cause of the incident, the mode of operation of the attack (vulnerabilities use, tactics, technics), the scope and the perimeter of compromise  3) Training.
Knowledge transferring in-house and writing documentation   Apart from these activities the candidate will have to maintain and develop his expertise.
in techniques and tools of digital investigation  methods and tools for analysis (monitoring, training, international conferences, etc.) Habilitações Main requirements.
The candidate must be operational on the security tools used in the BPCE IS and master the architectures in place.
Solid knowledge in most of the following technical areas is required, keeping in mind that no one is an expert in every topic.
The ideal candidate should have advanced problem-solving skills and a background in cybersecurity engineering.
1) SIEM/SOAR  Knowledge of the operating principles of Information Monitoring and Security Event Solutions (SIEM).
Good experience of Splunk and Regex search syntax.
Good experience of theHive  2) SYSTEM/NETWORK  Good knowledge of network and system architectures  Knowledge of the operation of intrusion detection probes and event log correlation tools  3) SECURITY.
Good knowledge of Mitre Attack framework and counter measures link to the technics and tactics  Good knowledge of Information monitoring and analysis tools and methods.
Good knowledge of the security standards for different technologies (web servers, messaging, database, DNS, proxy, firewall, etc.)  Have a good knowledge on one or more of the following topics.
Web application vulnerabilities   Malware types (rootkit, ransomware, botnet, etc.)  Obfuscation and persistence technics (cryptography, packing, etc.).
Digital investigation/analysis tools  SandBox behavioral Informações adicionais Hybrid working model in Porto; Fluency in English is mandatory.
Estou interessado Estou interessado Política de Privacidade