SOC Analyst III
UST Global® is a leading provider of platforms, digital innovation, artificial intelligence and end-to-end IT services and solutions for Global 1000 companies. We are transforming corporations through deep domain expertise, knowledge-based ML platforms, as well as profound anthropological efforts to understand the end customer and design products and interactions that create delight. We are deeply committed to developing a comprehensive understanding of our clients' problems and to developing platforms to address them.
CyberProof, a wholly owned subsidiary of UST Global, helps companies increase their cyber resiliency and reduce their cyber risk by providing managed cyber security services out of a newly architected Security Operations Centre that dramatically increases the ability to detect, react and respond to cyber-attacks. CyberProof provides 24x7 security operations capability, supported by expert cyber security resources and cutting-edge tools, along with mature operational methodologies to address our customers' cyber security operations requirements. All of our services are delivered through our advanced CyberProof Defense Centres located around the globe. Our goal is to provide enhanced detection abilities, faster response, collaborative issue resolution, effective recovery and actionable intelligence, delivered through our state-of-the-art Security Orchestration, Automation and Response platform, to increase scale and differentiation for our customers.
At the core of what we do is our people. The Security Operations Group of CyberProof consists of a global team of highly talented people. With 100+ highly experienced, certified cyber security experts, researchers and analysts, the majority of our tier 3-4 expertise comes from Israeli Intelligence. This group strategizes, develops and executes all cyber security activities locally and globally. Individuals and teams in this group work closely with client cyber security teams and customer CISOs, CIOs and/or senior business management on business and cyber security strategies and solutions.
Areas of responsibilities:
- Advanced monitoring of system logs, SIEM tools and network traffic for unusual or suspicious activity.
- SIEM (Security Information and Event Management):
· Setting up various SIEM solutions and troubleshooting connectivity issues.
· Investigate and resolve security violations by providing postmortem analysis to illuminate the issues and possible solutions.
- Collate security incident and event data to produce monthly exception and management reports.
- Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.
- Develop and maintain documentation for security systems and procedures.
- Recommend, schedule and/or apply fixes, security patches and any other measures required in the event of a security breach.
- Analyse and review logs and cyber event alerts
- Investigate suspicious security event activity, security breaches and other cyber security incidents
- Assess damage, document findings and recommendations
- Work with security team to perform tests and uncover network vulnerabilities
- Maintain and enforce adherence to corporate procedures, standards and policies
- Maintain and update the documentation of system functionality and procedures
- Keep up to date with latest security information and threat intelligence
- Research the latest information technology (IT) security trends
- Validate security analysis and identify latest capabilities of the monitoring technologies
- Research and understand the currently published vulnerabilities of enterprise hardware, software, operating systems, appliances, applications, etc.
- Gather and distribute technical information pertaining to new security threats and vulnerability trends
- Produce reporting and documentation to customers, internal team and management
- Experience working with different SIEM vendors such as QRadar, ArcSight, RSA and LogRhythm
- Experience in incident response and in writing procedures, runbooks and playbooks
- Ability to work with customers' IT and security teams as well as at director level.