Fluency in English, both written and oral, is mandatory.
Westbourne IT Global Services is a transglobal organisation currently with Delivery Centres in Auckland, Cork and Foster City. Our business strategy is to significantly grow and expand our business over the next 2 - 3 years through a combination of organic growth and acquisitions. Our core differentiator is our ability to deliver scalable and world-class 24*7 technical helpdesks. Our target market is a combination of Fortune 500 clients and high-growth companies in the pharma, life sciences and IoT/manufacturing sectors. We have built our established reputation with an impressive list of long-standing clients because of our unique culture. This culture places innovation, problem solving, people engagement and trust at the heart of our company. Our mission is to be a global leader in innovative IT customer support solutions that meet and exceed our business partners' requirements.
This position is within the Security Team, which continuously provides analysis and monitoring of clients' environments and systems to identify suspected malicious or other unauthorised activity across our systems and networks.
Provides first-level response for security events including, but not limited to, intrusion detection, malware infections, denial of service attacks, privileged account misuse and network breaches. Event management includes triage, correlation and enrichment of individual events in order to rule them out as false positives, trigger standard detective and corrective responses, or escalate them as security incidents.
Creates and maintains system documentation for security event processing. Expands the usage of security monitoring tools to improve the security of the environment based on business use cases or changes in the threat landscape, root causes from security incident response, or output from security analytics.
Duties & Responsibilities:
Collects, analyses, and enriches event information and performs threat or target analysis duties.
Interprets, analyses, and reports all events and anomalies in accordance with Computer Network Directives, including initiating, responding to, and reporting discovered events.
Manages and executes multi-level responses and addresses reported or detected incidents.
Provides reporting and metrics around security monitoring by designing dashboards for asset owners and management consumption.
Coordinates and distributes directives, vulnerability, and threat advisories to identified consumers.
Develops focused reporting and briefings on advanced cyber threats and activity for various teams and leaders.
Improves the service level for security operations and monitoring. Creates and maintains system documentation for security event processing.
Reviews current tooling to identify incremental monitoring opportunities, and communicates needs to the engineering teams that support the SOC.
Triages SIEM alerts to determine whether each is a false positive, an incident, or a technology misconfiguration.
Performs research, sometimes at the request of Incident Response teams, to:
  - Make recommendations on security enhancements to management
  - Stay up to date on IT and security trends and standards
  - Help develop triage plans
Performs case management activities to ensure successful BAU Security Monitoring Operations, including:
  - Documenting case activities in the system of record
  - Documenting current case notes sufficient for effective shift handover, as well as reviewing current status via phone call or in person
  - Engaging in all forms of communication (e.g. phone calls, instant messaging, web page updates) to ensure cases are efficiently investigated by all approved parties, regardless of which company, department, or team they are a member of
Authors Standard Operating Procedures (SOPs), such as:
  - Incident detection use case needs, logic, and implementation methods
  - Use case alert triage workflows
  - Recommending, then implementing, approved program improvements
Other SOC Analyst tasks as required.
Knowledge, Experience and Skills:
Bachelor's degree in computer science or related field with three years of related technical experience
Experience in information security or related field.
Experience with computer network penetration testing and techniques.
Background in hands-on networking experience, including an understanding of TCP/IP, firewalls, proxies, SIEM, antivirus, and IDPS
Ability to write scripts in various languages, such as PowerShell or Python
Self-motivated and able to work in an independent manner, but also as part of a larger team
Experience and proficiency in various toolsets and best practices
Westbourne IT Global Services