Homeoffice Security Operations Center Analyst (Plano, US) chez Atos

Eviden is an Atos Group business with an annual revenue of circa € 5 billion and a globalleader in data-driven, trusted and sustainable digital transformation. As a next generationdigital business with worldwide leading positions in digital, cloud, data, advanced computingand security, it brings deep expertise for all industries in more than 47 countries. By unitingunique high-end technologies across the full digital continuum with 55,000 world-classtalents, Eviden expands the possibilities of data and technology, now and for generations to come.

Security Operations Center Analyst

Analyze logs, network traffic, and other data to identify potential security threats and vulnerabilities.

Respond to security incidents by investigating and mitigating threats.

Perform root cause analysis and document findings.

Coordinate with other teams to contain and remediate incidents.

Gather and analyze threat intelligence to stay updated on the latest threats and attack vectors.

Use threat intelligence to enhance detection and response capabilities.

Conduct regular vulnerability assessments and scans.

Prioritize and remediate identified vulnerabilities to reduce the attack surface.

Configure and maintain security tools and technologies by maintaining use cases, triage rules, IOA rules, and IOC lists on MDR applications and endpoint devices.

Create detailed reports on security incidents, vulnerabilities, and overall security posture.

Maintain accurate and up-to-date documentation of security processes and incidents.

Continuously monitor security alerts and events from various MDR applications

Perform threat hunting using various TH models which are built using AI and machine learning algorithms to detect anomalies in the environment and check for various attacks like data exfiltration, malware beaconing, DGA, DOS, suspicious logins, etc.

Routinely conduct investigations of the collected logs and security use case findings to further improve, refine, and enhance threat-hunting models and use cases.

Contribute to the tuning and developing threat-hunting models and SIEM use cases to enhance threat detection capabilities.

Execute threat hunts by proactively and iteratively searching through networks to detect and isolate cyber threats under the supervision of the other threat hunters.

Work with the Threat Intelligence feeds and solutions to identify threats, develop or recommend countermeasures, and perform advanced network and host analysis in the event of a compromise.

Accurately interpret and evaluate raw network traffic and network-based alerts.

Search for cyber threats and risks hiding inside the data before attacks occur. Gather as much information on threat behavior, goals, and methods as possible.

Leverage internal and external resources to research threats, vulnerabilities, and intelligence on various attackers and attack infrastructure.

Maintain awareness within the threat intelligence community of vulnerabilities being exploited and provide comprehensive assessments of the impact on our environment.

Translate TI feeds into detection and hunting strategies, hypotheses, and queries.

Utilize tools and advanced techniques to hunt and identify threats and actor groups and their motives, techniques, tools, and methods.

Identify anomalous behavior on the network or endpoint devices and be able to provide an assessment of malware behavior.

Work in a 24x7 Security Operation Center (SOC) environment.

Security Log analysis to detect attack origin, attack spread, attacker details, incident details.

Incident Response when analysis confirms actionable incident.

Analyze and respond to previously undisclosed software and hardware vulnerabilities.

REQUIREMENTS: Bachelor’s degree in Computer Science. Five (5) years in any occupation with cyber security experience. Five (5) years in any occupation with cyber security experience must include: SIEM and other security tools such as Firewall, EDR, Proxy, AIsaac MDR, CrowdStrike, or other; MDR SOC model and MDR Operations; Advanced MDR applications such as CrowdStrike Falcon, SentinelOne, AIsaac etc.; Vulnerability management tools such as Nessus, Qualys, or OpenVAS; Networking concepts (TCP/IP, DNS, HTTP/HTTPS, VPNs); Experience with threat intelligence platforms (TIPs) and frameworks such as MITRE ATT&CK; Threat Hunting using applications such as CrowdStrike OverWatch, AIsaac MDR, or other; Experience on cloud platforms (AWS, Azure, Google Cloud) and their security features; Frameworks such as GDPR, HIPAA, PCI-DSS, and NIST Cybersecurity Framework; and Experience analyzing large datasets to detect anomalies or malicious behavior.

ALTERNATE EDUCATION/EXPERIENCE REQUIREMENT: Employer will accept a Master’s degree in Computer Science and three (3) years in any occupation with cyber security experience. Must have skills listed above.

REQUIRED CERTIFICATION:  CEH (Certified Ethical Hacking) Certification

ROVING/TELECOMMUTING EMPLOYEE: Reports to company headquarters in Irving, TX. Will work at various unknown client sites throughout the U.S. for up to 100% of the time. Must be willing to travel anywhere in the U.S. and may be assigned to work at client sites across the U.S. Can work remotely or telecommute.

SALARY: $149,531 - $150,531 per year

APPLY: https://eviden.com/careers/ Job ID OGL 09

Let’s grow together.