Position

Department
Security Operations Center\Information Security
Reports TSOC Manager
Location Head Office\Remote
Job Purpose
Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within bank environments for the purposes of mitigating threats.
Duties & Responsibilities

Working closely with IT admins to minimize false positives from the security tools.
Full root cause analysis and level 1 incident investigation.
Provide Incident Response actions and remediation recommendations
Full Incident Management and Incident Resolution
Threat Intelligence and ongoing information Gathering
Security Events Trend Analysis
Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
Create knowledge base article with incident details along with the resolution, which serves as a reference to SOC team in case of repetition of the same/similar incident in future.
Track, analyse and understand the characteristics of latest threats, malware and vulnerability information and perform an assessment of the applicability of the same to the environment.
Translate the logic to implementation by configuring resources such as Rules, Reports, Dashboards and Filters …etc. in SOC monitoring tools to detect the threats or anomalies.
Create and maintain the alerts/dashboards/ reports inventory document.
Analyse and investigate the alerts in SOC monitoring tools to report any abnormal behaviours, suspicious activities, traffic anomalies etc.
Develop and configure use cases in SOC monitoring tools to detect and alert the non-compliance status and support the threat detection guidelines as per IT security team.
Ensure that security significant logs are available in SOC monitoring tools for analysis and investigation.
Internal Contacts
Information Technology sector, end user
External Contacts
Central Bank of Egypt (CBE)
Requirements
– Qualifications
Holds Bachelor’s degree in Engineering, Computer Science, Cyber Security or any related field, Information Technology Institute (ITI) graduates preferably majoring in Security Operations
Hold at least one of the following SANS certifications:
GIAC Certified Incident Handler (GCIH)
GIAC Certified Intrusion Analyst (GCIA)
Or equivalent EC-Council certificates such as
Certified Ethical Hacker (C|EH)
Computer Hacking Forensic Investigator (CHFI)
Certified Incident Handler (ECIH)
Preferably have one of the following certifications: CCNA Security, Security +
Language
Arabic, English
Experience
At least 3 – 5 year’s professional IT experience or working in a Security Operations Center (SOC)
Incident Management and Response
Advanced Experience in security device management and SIEM
Knowledge in Security Scans.
Good Analytical skills, Problem solving and Interpersonal skills.
Knowledge of security concepts such as cyber-attacks and techniques, threat vectors.
Needed Skills & Knowledge
Ability to:
Analyze malware.
Conduct vulnerability scans and recognize vulnerabilities in security systems.
Accurately and completely source all data used in intelligence, assessment and/or planning products.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Apply techniques for detecting host and network-based intrusions using IDS technologies.
Interpret the information collected by network tools (e.g., Nslookup, Ping, and Traceroute).
Knowledge of:
Computer networking concepts and protocols, and network security methodologies.
Risk management processes (e.g., methods for assessing and mitigating risk).
Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Cybersecurity and privacy principles.
Cyber threats and vulnerabilities.
Specific operational impacts of cybersecurity lapses.
Authentication, authorization, and access control methods.
Cyber defense and vulnerability assessment tools and their capabilities.
Computer algorithms. Encryption algorithms
Cryptography and cryptographic key management concepts
Database systems.
Host/network access control mechanisms (e.g., access control list, capabilities lists).
Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
Incident response and handling methodologies.
Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Intrusion detection methodologies and techniques for detecting host and network-based intrusions.
Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Network access, identity, and access management (e.g., public key infrastructure, Oauth, SAML).
Network traffic analysis methods.
New and emerging information technology (IT) and cybersecurity technologies.
Operating systems.
Traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
Policy-based and risk adaptive access controls.
System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Key concepts in security management (e.g., Release Management, Patch Management).
Security system design tools, methods, and techniques.
Telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
Virtual Private Network (VPN) security.
What constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
Insider Threat investigations, reporting, investigative tools and laws/regulations.
Adversarial tactics, techniques, and procedures.
Network tools (e.g., ping, traceroute, Nslookup)
Defense-in-depth principles and network security architecture.
Different types of network communication (e.g., LAN, WAN, MAN, WLAN).
File extensions (e.g., .dll, .bat, .zip, .pcap, .gzip).
Interpreted and compiled computer languages.
Collection management processes, capabilities, and limitations.
Front-end collection systems, including traffic collection, filtering, and selection.
Cyber defense and information security policies, procedures, and regulations.
Common attack vectors on the network layer.
Different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
Cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
System administration, network, and operating system hardening techniques.
Cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
Network security architecture concepts including topology, protocols, components, and principles
Network systems management principles, models, methods, and tools.
Encryption methodologies.
Signature implementation impact for viruses, malware, and attacks.
Windows/Unix ports and services.
Security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
OSI model and underlying network protocols (e.g., TCP/IP).
Relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities.
Payment Card Industry (PCI) data security standards.
Systems security testing and evaluation methods.
Network mapping and recreating network topologies.
Packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
The use of sub-netting tools.
Operating system command-line tools.
Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
Network protocols such as TCP/IP, DHCP, Domain Name System (DNS), and directory services.
How to use network analysis tools to identify vulnerabilities.
Penetration testing principles, tools, and techniques.
Application Security Risks (e.g., OWASP Top 10 list)
Skills to:
Detect host and network-based intrusions via intrusion detection technologies
Determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Evaluate the adequacy of security designs
Use incident handling methodologies.
Use protocol analyzers.
Collect data from a variety of cyber defense resources.
Recognize and categorize types of vulnerabilities and associated attacks.
Perform packet-level analysis.
Recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).