Security Operations Analyst | 6 month position | 100% remote

Valencia


International consulting group founded in 2019, Ekkiden fosters an ecosystem of passionate and committed consultants who lead organizational, operational, and technological transformation projects in IT/Digital, Industry/R&D, and Sustainability, for large enterprises and SMEs in France, Switzerland, Spain, and Germany.

About the job:

Security Operations Analyst (SIEM Technologies) | United Nations International Computing Center in Valencia (UNICC) | 6 month position | 100% remote

You will work under the supervision and guidance of the Head of Cyber Security Operations to provide front line support to UNICC Partners in the area of information/cyber security, risk management consulting, and security operations activities, in collaboration with a team of information and cyber security experts. Within the different activities performed by the CSOC team, the resource will focus mainly, but not exclusively, on the administration and engineering of SIEM platforms.

Responsibilities:

  • In close collaboration, build, adjust and implement analytics and detection rules for SIEM, EDR and AV
  • Under guidance, participate in cybersecurity architecture review of new or existing technical solutions and provide recommendations for improvement
  • Contribute to the preparation of KPIs for cybersecurity operations capabilities
  • Monitor and investigate alerts leveraging Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
  • Monitor and triage AWS security events and detections
  • Monitor and investigate alerts leveraging EDR solutions
  • Work with alerts from the CSOC Analysts to perform in-depth analysis and triage of network security threat activity based on host and media events, malicious code analysis, and protocol analysis
  • Review trouble tickets generated by CSOC Analyst(s)
  • Identify incident root cause and take proactive mitigation steps
  • Assist with incident response efforts
  • Work directly with cyber threat intelligence analysts to convert intelligence into useful detection rules
  • Collaborate with incident response team to rapidly build detection rules and signatures as needed, as well as maintaining and improving existing detection rules
  • Perform lessons learned activities
  • Leverage emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
  • Review and collect asset data (configs, running processes, etc.) on these systems for further investigation.
  • Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose
  • Document actions in cases to effectively communicate information internally and to client
  • Determine and direct remediation and recovery efforts
  • Provide other ad hoc support as required

What we are looking for:

The resource MUST have the following skills and experience:
  • Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols
  • Deep knowledge of Microsoft Security Tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
  • Deep Knowledge of Cloud technologies (e.g. Azure, AWS and GCP)
  • Deep knowledge of SIEM tools like Splunk, QRadar, ArcSight, MS Sentinel, ELK Stack
  • Knowledge of at least one EDR solution (MS Defender for Endpoint, SentinelOne, CrowdStrike)
  • Knowledge of email security, network monitoring, and incident response
  • Knowledge of Linux/Mac/Windows
  • 5+ years of relevant experience in the information technology field, including alert triage and support of security incidents
  • Proven experience in reviewing raw log files, data correlation, and analysis (e.g. firewall, network flow, IDS, system logs)
  • Proven experience administering a SIEM platform, preferably Splunk or Microsoft Sentinel
  • Expert knowledge of English

The resource SHOULD have the following skills and experience:

  • Proven knowledge of monitoring AWS environments (IaaS, SaaS, PaaS)
  • Knowledge of at least one general-purpose or shell scripting language (e.g. Ruby, Bash, PowerShell, Python)

Required Soft Skills:

  • Excellent communication skills
  • Customer facing experience and oral communication skills
  • Ability to write documentation and reports
  • Creativity and the ability to find innovative solutions
  • Willingness to learn on the job
  • Conflict management and cooperation

Desirable certifications:

  • Technical certifications: MCSE, CCNA, Microsoft Azure (e.g. SC-200), GCIH, CEH, GCFA or any GIAC/similar certification

We offer:

🤝 Join us at the right time to make your mark in a fast-growing organization
🚀 Various missions and projects that will allow you to have a real impact on the company
💪 The ability to work autonomously and to drive new initiatives
✨ A career path adapted to your personality, both in terms of role and location
👍 A strong culture, based on sharing, respect, ambition, and team spirit
🙌 The opportunity to manage teams and develop your area of expertise by leading one of our squads
👩 Develop your management and leadership skills, because, at Ekkiden, consultants look after the careers of other consultants. Gone are the days when your career was driven by a salesman!
❤ Health insurance

What’s the Recruitment Process Like at Ekkiden?

At Ekkiden, we're committed to providing a positive experience for every candidate.

📞 Initial Call: Our recruitment team will reach out to discuss your motivations and expectations.
💬 Interviews: You'll have one or two interviews with our business managers, depending on the role you're applying for.
✅ Client Meeting: Finally, you'll have the opportunity to meet with the client.

While this is our standard process, we may make adjustments based on specific circumstances.


You can also find all our job offers on our website 👇 
https://jobs.ekkiden.com/


Regions: Remote/Anywhere Europe South America
Country: Spain
