NGSC recruitment in Hanoi - June 2022
POSITION: SOC monitoring
Educational Level: University graduate
Work Experience: Minimum 2 years of experience in IT security
Specialty/Qualification: Engineering / Information Technology / Information Security
- Experience building and operating at least one system such as a SIEM (QRadar, HP ArcSight, Splunk…), NDR, SOAR, IDS/IPS… or a similar product from another vendor
- Good knowledge of log types such as application logs, syslog, NetFlow, logs from security devices…
- Understanding of risks, threats, vulnerabilities and incident response; knowledge of the types of attacks carried out against infrastructure or services
- Security certifications/licenses: CCNA/MCSA/CEH/LPI… or similar security skills
- Working knowledge of IT systems, networks, firewalls, proxies and security systems
- Programming experience in Python/Perl/Java, PowerShell/Bash scripting, C/C++ or other scripting languages
- Good communication skills
Competency: Definitions are described in the “Competency reference of NSRP Performance Appraisal”.
- Achievement orientation - Common
- Challenge - Common
- Interpersonal - Common
- Professional skill, Knowledge - In particular
- Decision-making, Judgment - Common
- Planning, Creativity - Common
- Negotiation - Common
- Developing others - Common
- Monitor sources of potential security incidents, health alerts from the monitored solutions, and requests for information. Escalate potential security incidents to client personnel, implement countermeasures in response to them, and recommend operational improvements
- Conduct log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
- Support the investigation of large- and small-scale cyber breaches
Responsibility: For this position, the minimum duties are as follows
- Review security logs and alerts in real time to identify malicious activity
- Monitor and analyse cyber security events using QRadar (SIEM), IDS/IPS, McAfee antivirus and other tools
- Create, modify and update Security Information and Event Management (SIEM) rules
- Recognise potential, successful and unsuccessful intrusion attempts and compromises through review and analysis of relevant event detail and summary information
- Execute SOC procedures and the defined playbooks
- Communicate alerts to owners regarding intrusions into and compromises of their network infrastructure, applications and operating systems
- Triage security events and incidents, detect anomalies, raise alerts, and report remediation actions
- Ensure the completeness of incident information
- Escalate incidents to the L2 SOC team for handling, when relevant
- Follow up on remediation activities
- Triage general information security tickets
Accountability, Duty: To achieve the following through the above responsibilities
- Maintain safe and stable operation
- Keep the required quality of service
- Adhere strictly to policies and procedures, in particular IT security policies