Expoint - all jobs in one place

The place where the best experts and companies meet

Limitless High-tech career opportunities - Expoint

Team8 Advanced Monitoring Analyst
Israel
311671707

10.04.2025

Main Responsibilities

  • Perform post-breach monitoring activities in global clients' environments, including in-depth triage of alerts and host forensics analysis.
  • Develop out-of-the-box and tailor-made analyses and detections to monitor the clients' environments, often based on known threat actor tactics, techniques and procedures. This work may include research activities to support the detection development.
  • Support major Incident Response engagements with accurate detection of a potentially active threat actor in the client's network.
  • Maintain the necessary visibility and log forwarding for the ongoing monitoring engagements, including host-based data, cloud environments, network devices, etc.
  • Apply a proactive threat hunting approach in ongoing monitoring engagements, including forensic host- and network-based analysis, malware hunting and wide IOC searches.
  • Develop capabilities and automations for alert handling, triage and escalation, visibility maintenance, reporting, and more.
  • Onboard new customers by assessing their security posture, tailoring monitoring systems to their environment, and integrating their security frameworks into our services.
  • Often work alongside global clients' security personnel, providing regular updates and following up on alerts and security events.
  • Generate and provide reports and metrics on actionable data: incidents, weekly aggregation/trending, follow-up procedures, visibility status, etc.

Main Requirements

  • 3-5 years of relevant experience in the cyber security field, from military service and/or industry cyber defense roles.
  • Strong analytical thinking, problem-solving mindset and independence.
  • Independent, bright and positive analyst who strives for excellence and is able to succeed in a dynamic environment.
  • Basic understanding of the life cycle of advanced security threats, attack vectors and methods of exploitation.
  • Hands-on experience working with SIEM technologies (e.g. Splunk, QRadar, ArcSight, Exabeam).
  • Good familiarity with common data and log sources for monitoring, detection and analysis (e.g. Event Logs, firewall, EDR).
  • Strong technical understanding of network fundamentals, common Internet protocols, and system and security controls.
  • Familiarity with system and security controls, including basic knowledge of host-based forensics and OS artifacts.
  • Proficient knowledge of and experience with scripting (e.g. Python).
  • Familiarity with cloud infrastructure, web applications and servers – an advantage.
  • Fluent English (written, spoken) – a must.
  • Proven expertise in engaging with clients through effective communication and interpersonal skills.
  • Willingness to work off hours as required, with potential travel to clients.