Project OverviewCibersecurity Engineer L2 + Linux experience.
We are looking for a system admin engineer, with skills in Cybersecurity Operations Centre, proficient knowledge in administering Linux systems, preferably Red Hat Enterprise Linux (RHEL).
and practical experience in Distributed File System (DFS), SIEM and EDR.
His primary responsibility is to conduct advanced threat analysis, using detailed investigative and forensic techniques to understand the root cause and extent of incidents.
Responsibilities
Distributed File System: QTrees and security groups creation along with assignment to SVMs, Shares, etc
Advanced Analysis: Perform deeper and more detailed analysis of incidents, evaluating sophistication and potential impact compared to level 1.
Specialized Escalation: Handle incidents of greater complexity, escalating to higher levels and coordinating with specialized teams when necessary.
Forensic Investigation: Conduct forensic investigations to determine the root cause of incidents and collect evidence for possible legal action.
Signature and Rule Development: Create and update signatures, rules, and behavioural profiles in detection tools to improve accuracy and effectiveness.
Technical Advice: Provide technical advice to level 1 analysts, helping in the understanding and resolution of more complex incidents.
Tool Optimization: Collaborate in the improvement and optimization of security tools, proposing adjustments and updates to keep up with threats.
Critical Incident Management: Coordinate the response to critical incidents, ensuring efficient execution of mitigation and recovery plans.
Review of Security Policies: Evaluate and update security policies and procedures, ensuring their alignment with best practices and regulations.
Staff Training: Provide ongoing training to Tier 1 staff and other teams on new cybersecurity threats, tactics, and techniques.
Coordination with Internal Teams: Collaborate closely with internal teams, such as the risk management and compliance team, to address specific security aspects.
Development of Executive Reports: Prepare detailed executive reports on incidents, providing clear and concise information for decision making.
Continuous Process Improvement: Identify opportunities for improvement in incident response processes and contribute to their continuous evolution.
Participating in Advanced Drill Exercises: Engage in more advanced cybersecurity drills to test responsiveness and improve team readiness
Required Skills
Proficient knowledge in administering Linux systems, preferably Red Hat Enterprise Linux (RHEL)
Solid knowledge of cybersecurity principles and practical experience implementing security measures
Practical experience in:
Distributed File System (DFS)
SIEM operation & tooling (Microsoft Sentinel, IBM QRadar, Splunk, Chronicle).
EDR operation & tooling (MS Defender, Symantec, CrowdStrike Falcon among others).
Strong understanding of TCP/IP networking, firewalls, and general network communication principles
Strong analytical and problem‐solving skills
Excellent written and verbal communication skills.
High ability to multi‐task, prioritize, coordinate, work well under pressure and meet deadlines.
Experience in incident, problem management, and/or change management.
Additional InformationWe are looking for someone with high skills in scripting as well, very motivated and with a good level of English (at least a B2 spoken level) .
No shift & yes on calls.
Model of work: hybrid.
#J-18808-Ljbffr