IT Security Upgrade Program - Establish Baseline Security for Non-Integrated Companies - 50%
IT Security Upgrade Program - Control & Update Baseline Security for Integrated Companies with Legacy - 50%
The main responsibilities of an Information Security Consultant:
- Run the Incident/Problem Management process in Security Operations;
- Ensure the delivered services are fit for purpose, carrying out relevant reviews and proposing modifications as necessary;
- Cooperate with internal SIEM/SOAR development teams, the L3 Incident team and other security actors to further develop Security Operations;
- Define SLAs and performance metrics for Security Operations, and steer activities according to those metrics;
- Monitor the performance of the external vendor's Incident Management team and ensure SLAs and KPIs are met;
- Define and implement improvement plans to meet SLAs and KPIs;
- Coordinate the work provided and the services delivered by the security partners;
- Participate in defining and implementing the evolution of Security Operations: product lifecycle, transition from the short-term setup to a longer-term setup with the current partners, integration with the SIEM, technology roadmap;
- Prepare and publish reporting to IT Management;
- Triage security events and incidents, detect anomalies, and report or direct remediation actions;
- Ensure confidentiality and protection of sensitive data;
- Work with remediation (IT Infra & Ops) teams on event and incident mitigation;
- Follow up on remediation activities;
- Build and maintain client relationships, both internally and externally;
- Organize and lead Service Delivery sessions, including incident review, problem resolution, capacity and planning;
- Support the Head of SOC and the Security Delivery Manager in day-to-day activities.

Required skills and experience:
- Strong working knowledge of security-relevant data, including network protocols, ports and common services, such as TCP/IP network protocols and application-layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, Active Directory, etc.);
- Experience with and a keen understanding of cybersecurity tools, including SIEM, IDS/IPS, antivirus and endpoint detection & response solutions;
- Ideally, an understanding of cybersecurity incident discovery and event management, network forensics, IPS/IDS, firewalls, content filtering technology, DLP, configuration management and monitoring, endpoint protection, database security, and log collection and analysis;
- Experience leading security incident response;
- Involvement in threat intelligence and cybersecurity communities;
- Able to multitask and give equal and/or required attention to a variety of functions while under pressure;
- Ability to work independently and take ownership of projects and initiatives;
- Excellent written and verbal communication skills are required; must be able to communicate technical details clearly;
- Experience in developing and maintaining playbooks/runbooks and/or Standard Operating Procedures in a SOC environment;
- Strong troubleshooting, reasoning, and analytical problem-solving skills;
- Ability to communicate technical details effectively, in writing and verbally, to junior IT personnel and management;
- Team player with the ability to work autonomously.