we are looking for a MXDR Analyst to join the team of cybersecurity analysts monitoring services 24/7. The role includes development of detection analyses, triage of alerts, investigation of security incidents, proactive threat hunting and enhancement of sensors and overall visibility status. The suitable candidate should be a team player with previous experience in SOC, SecOps or security monitoring, independent, and with a can-do attitude.
Responsibilities:
Working across all areas of SOC, including continuous monitoring and analysis, threat hunting, security compliance, security event auditing and analysis, rule development and tuning, and forensics.
Solving security incidents in accordance with defined service level agreements and objectives.
Prioritizing and differentiating between potential incidents and false alarms.
Addressing clients enquiries via phone, email, and live chat.
Working side-by-side with customers, providing insightful incident reports.
Working closely with peers and higher-tier analysts to ensure that your analysis work meets quality standards.
Identifying opportunities for improvement and automation within the MXDR Operation Lead, and leading efforts to operationalize ideas.
Identifying and offering solutions to gaps in current capabilities, visibility, and security posture.
Correlating information from disparate sources to develop novel detection methods.
Requirements: At least one year of experience in a SOC/MDR or Managed EDR service, including night and weekend shifts.
Strong analytical thinker, problem-solving mindset, and ability to succeed in a dynamic environment.
Independent, bright and positive analyst who strives for excellence.
Proficiency and experience with scripting (Python).
Strong capabilities in drafting cyber security reports for clients.
Basic understanding of the lifecycle of advanced security threats, attack vectors, and methods of exploitation.
Hands-on experience working with SIEM technologies. (e.g. Splunk, QRadar, ArcSight, Exabeam, etc.)
Familiarity with common data and log sources for monitoring, detection and analysis (e.g., Event Logs, firewall, EDR).
Strong technical understanding of network fundamentals, common internet protocols, and system and security controls.
Basic knowledge of host-based forensics and OS artifacts.
Familiarity with cloud infrastructure, web application and servers - an advantage.
Fluent English (written, spoken) - a must. Another language - an advantage.
This position is open to all candidates.