Security Operations Analyst (SIEM)

Security Operations Analyst (SIEM) - 6-Month Contract - Spain / fully remote

Long running contract opportunity for a Security Operations Analyst to work on a fully remote basis, or hybrid / onsite at the client's offices in Valencia, Spain. You\'ll join an existing security operations team and help manage, identify and resolve security-related incidents with the main client and its end customers. One of your main responsibilities will be the administration and engineering of SIEM platforms.

Single stage Teams interviews will take place at the end of June with onboarding in July or early August. It will be an initial 6 month contract that will extend multiple times, probably running for four years or more.

• Build, adjust and implement analytics and detection rules for SIEM, EDR and AV
• Contribute to the preparation of KPIs for cybersecurity operations capabilities
• Monitor and investigate alerts leveraging Microsoft Security Tools (e.g. M, Cloud App Security, Azure, Defender for EndPoint, Azure Security, Azure Sentinel and XDR)
• Monitor and triage AWS security events and detections
• Monitor and investigate alerts leveraging EDR solutions
• Work with alerts from the CSOC Analysts, to perform in depth analysis and triage of network security threat activity based on computer and media events, malicious code analysis, and protocol analysis
• Review trouble tickets generated by CSOC Analyst(s)
• Provide other ad hoc support as required

• Knowledge of Transmission Control Protocol / Internet Protocol (TCP / IP) protocols
• Experience with Microsoft Security Tools (e.g. M, Cloud App Security, Azure, Defender for Endpoints, Azure Security, Azure Sentinel and XDR
• Knowledge of Cloud technologies (e.g. Azure, AWS and GCP)
• Experience with SIEM tools like Splunk, QRadar, ArcSight, MS Sentinel, ELK Stack
• Knowledge of at least one EDR solution (MS Defender for Endpoint, SentinelOne, CrowdStrike)
• Experience in reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
• Proven experience on administering a SIEM platform, preferable either Splunk or Microsoft Defender for Identity SIEM
• Fluent English

This is a live requirement. The client is an international organisation that will look great on your CV. It offers a collaborative and enjoyable work environment, with a team of international technical professionals. If you have SOC / SOA experience and want a new opportunity, get in touch today.

#LI-AM1