Brayton Global is a fast-growing company based in Brussels and specialized in IT.
Our goal is to find you the best position, one where you will flourish and go beyond your limits.
We are looking for a SOC Analyst to work for one of our prestigious clients in Brussels, Belgium.
Our customer is currently looking for a Security Operations Centre Analyst.
Nature of Services
The primary objective of this service is to act as the first line of response to the potential occurrence of a cyber-attack or security incident. Supported by several automated tools such as intrusion detection systems, log correlation engines and SIEM, a ticketing system, and alerts and warnings from internal and external sources, this service involves receiving, triaging, and responding to alerts, requests, and reports; analyzing events and potential incidents; and providing the primary support for incident responders. Triage involves assessing whether a security incident, or the level of exposure of a vulnerability, is a true or false positive, tagging the vulnerability or incident with an initial severity classification, and activating the corresponding incident response playbook entry. Another objective of this service is to follow pre-defined procedures to perform technical tasks related to identity and access management.
Main Tasks
This list is not exhaustive and may evolve over time, depending also on the type of assignment:
Required expertise:
Certifications: At least 1 certification in the field of incident handling is mandatory:
Methodologies:
Risk Assessment methodologies: EBIOS, CRAMM, PILAR or equivalent (subject to acceptance by the Contracting EU-I): DESIRABLE / 1 year of experience
Standards:
STIX (Structured Threat Information Expression) with a particular focus on the following related standards:
CybOX (Cyber Observables): DESIRABLE / 3 years of experience
CAPEC (Attack Patterns): DESIRABLE / 3 years of experience
MAEC (Malware): DESIRABLE / 3 years of experience
TAXII (Threat Information Exchange): DESIRABLE / 3 years of experience
Specific Skills:
Networking (TCP/IP, SNMP, DNS, Syslog-ng, etc.): MANDATORY / 5 years of experience
Experience in using, configuring, and tuning a SIEM: MANDATORY / 3 years of experience
Knowledge in network security solution/technologies: MANDATORY / 4 years of experience
Knowledge in host-based security solutions: MANDATORY / 4 years of experience
Strong knowledge in Windows security events analysis: MANDATORY / 5 years of experience
Strong knowledge in the security analysis of firewall, proxy, and IDS logs: MANDATORY / 5 years of experience
Writing and optimizing IDS signatures (preferably SNORT and/or SURICATA): MANDATORY / 3 years of experience
Strong knowledge in the security analysis of application or middleware logs (Oracle, Apache, WebLogic): MANDATORY / 5 years of experience
Writing and optimizing YARA rules: MANDATORY / 3 years of experience
Products / Tools:
SIEM (ArcSight ESM 6.x, QRadar, or equivalent, subject to acceptance by the contracting EU-I): MANDATORY / 4 years of experience
Log management solution (ArcSight Loggers and/or QRadar and/or Splunk, or equivalent, subject to acceptance by the contracting EU-I): MANDATORY / 4 years of experience
SNORT or Sourcefire NGIPS / FireSIGHT: MANDATORY / 2 years of experience
Suricata / Stamus Networks: DESIRABLE / 1 year of experience
ELK (Elasticsearch, Logstash & Kibana): DESIRABLE / 1 year of experience
FireEye Ex, Nx, Ax, Fx, Hx, Ix: DESIRABLE / 1 year of experience
CheckPoint and Juniper Firewalls: MANDATORY / 3 years of experience
BlueCoat proxies: MANDATORY / 3 years of experience