Technical IT Security Specialist / SOC Manager / Operator
Location : Central and Western District
Post Date : 17 October 2017
A French investment bank is looking for IT security professionals focusing on 5 major areas.
- Intrusion Prevention / Detection
- Daily support in Security Operations Centre
The candidate will have four main duties:
- Develop new log analysis and correlation rules, and maintain existing rules and the components of the SIEM alerting GUI (dashboards, alerting, etc.)
- Create search algorithms
- Investigation and statistical analysis
- First-level diagnosis of malicious code (in a sandbox or manually)
- Understand new vulnerabilities and how they are exploited; advise on and follow up remediation with the IT team concerned
- Understand how new cyberattacks can target the bank
- Find relevant IOC sources to feed the security monitoring tools
- Create or find patterns in order to anticipate and detect new attacks
- Static and dynamic analysis of malicious code and malicious documents
2) Incident handling:
- Day-to-day SOC operations: create and handle tickets (ServiceNow/SecOps).
- Qualify security incidents and determine the scope of compromised data or components.
- Advise and assist IT on cyber security investigations
- Provide expertise to other security teams on configuration, remediation, and solution and architecture evolution
- Collect technical data and determine the severity of security incidents
- Forensics on compromised systems (event logs and system traces; network and application)
4) Training:
- Share knowledge and skills with ITS and the SOC by organizing training sessions and writing documentation
- Self-training to build expertise:
- Techniques and forensic tools
- Exploitation of vulnerabilities
- Methods and analysis tools (surveys, training, international conferences, …)
The candidate must be operational on the security equipment used in the bank and know the existing architectures.
If necessary, they must be able to change and adapt security equipment configurations, and must therefore understand the operational risks and be able to evaluate the impact of their actions.
- Bachelor's degree in Computer Science, IT Security or a related field
- At least 5 years of related experience
- Knowledge of SIEM solutions; experience with Splunk search syntax (SPL) and regular expressions
- Experience with operating systems: Unix, Linux, Windows, Android/iOS
- Proficient in system security vulnerabilities and remediation techniques, including how system processes work
- Proficient in network protocols TCP/IP, routing, IPsec and VPN
- Good knowledge of Internet application protocol weaknesses and vulnerabilities: HTTP(S), SMTP, DNS, NTP, LDAP, SIP, SMB/Samba, SSH, etc.
- Internet architecture definition
- Proficient in vulnerability analysis and assessment tools
- Penetration testing methods and tools, especially web exploits (SQL injection, XSS/CSRF, etc.)
- Standard application security configuration and hardening (web servers, mail, database, DNS, proxy, firewall, etc.)
- Knowledge of static and dynamic analysis tools (OllyDbg, WinDbg, Immunity Debugger, x64dbg, IDA)
To apply online (Word attachment only), please click the 'Apply' button. Please note that only short-listed candidates will be contacted.
41 Connaught Road,