SECURITY OPERATIONS CENTRE ANALYST 2 (Hybrid)
Tesco
- Praha
- Permanent employment
- Full-time
- SIEM tooling operation or administration (e.g. Splunk, ELK Stack, QRadar)
- Utilise playbooks, checklists and online resources for guidance in response to incidents
- Hands-on experience with, and theoretical understanding of, TCP/IP and related network protocols: TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP
- Command line experience and using/modifying basic scripts
- Working knowledge of the Cyber Kill Chain and/or Incident Response Phases
- Broad understanding of key security concepts/principles (CIA, threats, vulnerabilities, and exploits)
- Broad understanding of widely recognised attacker tools and tactics
- Demonstrable curiosity, enthusiasm and pro-active attitude to security and personal development
- Commitment to driving SOC capability towards greater maturity and observing KPIs along the way
- Problem solver by nature, willingness to challenge the status quo
- Excellent interpersonal skills, written and oral communications, self-motivator
- Team player and independent worker, relationship builder
- Ability to liaise with subject matter experts, key stakeholders and colleagues at all levels
- Strong background in Information Technology, though not necessarily in security
- Proficient in one or more of the following, within a corporate environment: endpoint operating systems (e.g. Microsoft, Linux and/or OS X; especially Kali)
- Core networking principles (e.g. switches, routers, wireless access points, Internet)
- Infrastructure security devices (e.g. firewalls, proxies, IDS/IPS)
- Supporting enterprise level services (e.g. AD, DNS, DHCP, IIS, Apache, VPN/DA, Databases)
- Anti-virus, anti-malware, ransomware, data leak protection
- Vulnerability management, endpoint forensics, intrusion analysis activities
- Cloud computing platforms (e.g. AWS, Azure, Google Cloud)
- Open-source security tools
- One or more from: Python, PowerShell, Bash, Java
- Exposure to Agile/DevOps methods of working
- CompTIA N+, CompTIA Security+, ISC2 SSCP, Splunk Power User