Full Job Description
The primary function of the Security Analyst is to analyze any incidents escalated by the Level 1 Security Engineer and undertake a detailed investigation of the security event. The Security Analyst shall determine whether the security event will be classified as an incident. They will be coordinating with the customer IT and Security team for the resolution of the
Roles and Responsibilities:
Escalate validated and confirmed incidents to the designated incident response
Notify the client of the incident and the required mitigation work.
Fine-tune SIEM rules to reduce false positives and remove false negatives.
Collect global threat intelligence and internal threats, then inject actions based on analysis and recommendation.
Proactively research and monitor security information to identify potential threats that may impact the organization.
Develop and distribute information and alerts on required corrective actions to the
Learn new attack patterns and actively participate in security forums.
Work closely with Vulnerability Management and the designated incident response team.
Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email
Understand the subject of SIEM alarms.
Perform ad-hoc training for L1 analysts.
Perform threat intel research.
Ability to run and understand sandbox static analysis.
Open and update incidents in ITSM to report the alarms triggered or threats detected.
The analyst should properly include, for each incident, all details related to the logs, alarms, and other indicators identified, in accordance with the intervention protocol of each client and the SLA.
Track and update incidents and requests based on the client's updates and analysis.
Skills and Qualifications:
Knowledge and hands-on experience in the implementation and management of IDS/IPS, firewall, VPN, and other security products.
Experience with Security Information and Event Management (SIEM) tools, creating advanced correlation rules, administration of SIEM, system hardening, and
Should have expertise in TCP/IP network traffic and event log analysis.
Knowledge and hands-on experience with any of the SIEM tools such as LogRhythm, QRadar, ArcSight, Splunk, or any other SIEM tool.
Knowledge of ITIL disciplines such as Incident, Problem, and Change Management.
Configuration and troubleshooting experience on Check Point, Cisco, FortiGate, Palo Alto and SonicWall firewalls would be an added advantage.
Job Category: Cyber Security