Special / Homeoffice: Level 2 SOC Security Analysts, Intrusion Detection (m/f) / 42987

Homeoffice - Remote
This project is archived and unfortunately no longer active.

Description

Currently we are searching for one candidate who is able to cover the following position:

Basic parameters:
Location: Europe/Homeoffice
Duration: 6 months
Start: ASAP

This qualified candidate will provide day-to-day analysis and investigative services to monitor and detect potential intrusions into the organization’s network, including validating an intrusion once it is detected. Daily activities will include reviewing data sources (logs) from IDS, IPS and Endpoint Security Suite software products and applications, creating a priority list for review, reporting daily on findings, and creating recommendations for process improvements, especially for reducing false positives. Additional activities will include executive reporting, technical documentation and gap analysis.



Project description:
Conduct daily review of three consolidated log reports (in CSV format) for possible intrusions
Upon intrusion detection, review actual appliances and software product logs and payload to determine if false positive or actual potential intrusion
Escalate intrusion detection as needed
Provide support if further investigation of intrusions and intrusion attempts is required


Skills needed:
Information Security Policies and Controls understanding
Experience analyzing network protocols (at the network trace level) and understanding of standard communication protocols such as HTTP, HTTPS, SSL, TLS, TCP, IP, etc.
Experience using SIEM, Python subscription, regular expressions, Splunk, RSA NetWitness.
2 – 3 years of Unix System Administration experience
1 year of Windows System Administration a plus
Exposure to reading traffic streams for phishing schemes, analyzing and interpreting results discovered on open source intelligence gathering sites, and developing recommendations to improve security
SOC Operations experience a plus
Strong intrusion analysis and incident handling background
Experience working with leading IDS, IPS and Endpoint Security Suites
Experience with Snort, TippingPoint and Symantec Endpoint Security a plus
An understanding of technology and industry leading standards and processes
Network security engineering background a plus
Excellent communication skills and ability to work independently
Solid documentation skills for preparing status reports and summary of daily events documentation
Bachelor's degree in Computer Science, Information Systems, Business Administration or other related field (or equivalent work experience)
GIAC GCIH and GIAC GCFA certifications preferred
Industry standard certifications (e.g., CISSP, CISM, etc.) preferred
Ability to work independently
Ability to learn new processes and technologies
Excellent time management skills, and the ability to prioritize and multi-task
Proficient in English


Your GECO contact person is looking forward to your feedback:
Thomas Breuss


If you are interested in this position, we look forward to receiving your current CV, including your availability and your hourly rate.
Start: ASAP
Duration: 6 months
Type: Permanent employment
From: GECO Deutschland GmbH - A Yoh Company
Posted: 01.07.2014
Contact person: Britta Zigahn
Project ID: 735005
Contract type: Freelance
Work arrangement: 100 % Remote