We are currently seeking an experienced Security Analyst (Level 1). The analyst will work as part of the Security Operations Centre (SOC) providing level 1, 2 & 3 support for managed services customers. This includes providing phone, email, remote access and occasionally face to face support. Responsibilities involve incident logging and ownership (with detailed notes), managing escalations, incident investigations and ensuring that Service Level Agreements (SLA) response and resolution targets are met. Responsibilities also include the management and implementation of change requests, configuration changes, technical report writing and software updates and the mentoring of junior staff members.
You must be an Australian Citizen and be proficient in monitoring and analysing logs and events from a multitude of sources, using systems such as SIEMs, log analysers and threat intelligence sources to determine whether those events constitute a genuine security incident. The role does involve shift work, and analysts must be willing and able to perform shifts during business hours and outside normal business hours, as the SOC requires 24x7x365 attendance.
Our SOC analysts work in a professional supportive team environment with exposure to cutting-edge technologies. There will be considerable room for development within this role as training will be provided across a broad range of security technologies and industry certifications.
Required Skills & Experience
The ideal candidate must be an Australian Citizen, have 2-4 years of experience working with systems, networking and security technologies, with at least 1 year working in an operational security, analyst or equivalent role. The candidate will be required to demonstrate the following skills and proficiencies:
- Working knowledge of the TCP/IP stack
- Working knowledge of the networking stack
- Experience with threat-hunting
- Hands-on security knowledge of Windows/Linux/Unix platforms
- Hands-on experience with one or more SIEM systems (e.g. AlienVault, ArcSight, Exabeam, IBM QRadar, LogRhythm, McAfee ESM, Rapid7 IDR, Splunk)
- Experience in troubleshooting and managing firewall technologies (e.g. Check Point, Cisco, Fortinet, Palo Alto)
- A demonstrated knowledge of IT security controls associated with firewalls, email, web, endpoints, operating systems, IPS/IDS, cryptography, networks etc.
- Experience working with vulnerability management solutions (e.g. Nexpose, Qualys, Rapid7, Tenable)
- Experience with or knowledge of five (5) or more of the following technologies: AlienVault, AlgoSec, Avecto, Carbon Black, Cisco, Crowdstrike, CyberArk, Darktrace, F5 Networks, FireEye, ForeScout, Fortinet, IBM BigFix, Imperva, KnowBe4, LogRhythm, McAfee, Mimecast, Netskope, Okta, Palo Alto Networks, Proofpoint, Qualys, Rapid7, Skybox, Sophos, Splunk, Tenable, Tufin and Zscaler.
- IT Diploma or equivalent
- Security certifications: CompTIA Security+, CEH, OSCP or equivalent
- Networking Certifications: CCNA, CCNP or equivalent
- Security vendor certifications: Carbon Black, CyberArk, FireEye, Fortinet, Netskope, Proofpoint, Tenable and Zscaler.
- If the above vendor certifications are not yet held, they will be provided during the probation period.
Contact Ged Wilson for more information.