Trigyn Technologies Limited is seeking an Enterprise Network Security Analyst in Valencia, Spain. The role involves monitoring information systems for security incidents and requires a strong background in network security, malware analysis, and incident management. Candidates should have relevant qualifications, including a master’s degree and several years of experience in security operations. Join a leading multinational IT services company certified in ISO standards and be part of a dynamic, multicultural team.
Position Id: G0625-0040
Job Type: 4-6 months (contract)
Country: Spain
Pay Rate: Open
Trigyn has a contractual opportunity for an Enterprise Network Security Analyst – Intrusion Detection Expert. This resource will be working at our client site in Valencia, Spain.
Job Description:
The position of the Enterprise Network Security Expert / Intrusion Detection Analyst is organizationally placed in the Information Security Unit. In this capacity, the Analyst will be primarily responsible for monitoring information systems’ assets for indications of potential security incidents by using a variety of tools and analyzing various data. The Analyst will work with third-party IDS service providers and various ICT groups globally in the identification, analysis and interpretation of various security event information, including alerts. The Analyst will act as an escalation point for security incidents, provide recommendations to enable effective and timely implementation of containment actions, identify trends and formulate periodic reports. The Analyst will also monitor various public resources for security alerts and other security-relevant information, including industry security alerts, security advisories, etc.
Specific responsibilities:
• Monitor and analyze various data sources for malicious or anomalous activities using existing tools, developed scripts and new detection techniques. Perform log parsing and correlation.
• Interpret data for security significance from sources including but not limited to firewalls, IDS, anti-malware, OS and application logs, data collected from various end-points, and packet captures.
• Monitor various resources for security alerts and other security-relevant information including industry security alerts, security advisories, and distribute security notifications in adherence with the established notification/security information sharing protocols.
• Determine the impact and severity of incidents.
• Perform forensics including malware analysis.
• Make remediation recommendations and escalate incidents.
• Contribute to formulating incident management operating procedures and support operational teams in implementing incident response actions.
• Formulate security event and incident reports.
• Assist in coordinating incident response activities.
• Review IDS events; perform IDS signature tuning and assist in reducing false positives.
• Liaise with internal IT groups and other constituencies including counterparts in partner organizations and third-party security services providers.
Qualifications:
• An advanced university degree (Master’s degree or equivalent), preferably in computer engineering or Information Systems or Electrical Engineering, is highly desirable. A first-level university degree with a relevant combination of academic qualifications and experience in networking may be accepted in lieu of the advanced university degree.
• 4-6 years of progressively responsible experience in designing, installing, and managing intrusion detection and other information security systems that support medium or large centralized and globally distributed communications. Experience with TCP/IP networking (LAN, MAN, WAN) systems is required.
• Knowledge of network security, current information security threats and incident management concepts and practices.
• Hands-on experience in monitoring logs generated by various systems/devices including Security Incident and Event Management (SIEM) for security events and using log management and analysis tools (such as Splunk, ArcSight, etc.).
• Hands-on experience with IDS tools.
• Hands-on experience in log analysis, event characterization, correlation, and signature optimization and tuning.
• Experience working in a security operations center (SOC) or similar environments.
• Knowledge of current malware threats, behavior, propagation, and malware protection techniques.
• Malware analysis skills and knowledge of reverse engineering techniques, and use of virtual sandbox environments to support data extraction correlation and discovery.
• Experience in monitoring of networks, operating systems, databases, applications, and security systems.
• Experience in Shell / Perl / Python scripting, and in use of regular expressions.
• Computer and network forensic skills. Experience with forensic principles, techniques, and tools such as EnCase.
• Knowledge and experience of security incident management.
• Network and web application vulnerability and penetration testing skills.
• Demonstrated professional experience developing and optimizing firewall security policies.
• Demonstrated expert knowledge of network security concepts.
• Excellent technical skills.
• Excellent analytical skills.
• Excellent interpersonal and communication (verbal and written) skills in English.
• Ability to work in a multi-cultural environment.
• Ability to work in an organized and logical manner.
• Ability to work well under pressure.
• Certifications like CISSP, CEH, GCIH, GCIA, GCFA, GREM, GCED are desirable.
TRIGYN TECHNOLOGIES is a multinational IT services company with resources deployed in 28 countries. TRIGYN is an ISO 9001:2015, ISO 27001:2022 (ISMS) and CMMI Level 5 certified company. TRIGYN has offices in the United States, Canada, Switzerland and India.