Security Operation Centre (SOC) Specialist
GSS provides shared services to the Group companies, with Head Office in Italy and branches in 5 European countries, a total staff of about 1,000 people.
Within the Chief Security Office Division, we are looking for a Security Operation Centre Specialist, who will perform the following activities:
- Develop and support central SIEM infrastructure deployed across company sites
- Perform log source integration and management, providing analysis and trending of security log data from a large number of heterogeneous security devices
- Provide Incident Response (IR) support when analysis confirms actionable incident
- Investigate, document, and report on information security issues and emerging trends
- Act upon threat intelligence provided by Cyber Threat Intelligence function
- Respond to Information Security related queries
- Mentor and train junior analysts to enhance the overall technical skill-set of the SOC, establish analytic discipline and critical thinking, and promote greater curiosity – thinking "outside the box"
- Investigate IOCs provided by Cyber Threat Intelligence or the Cyber Hunter function
- Support incident handling, encompassing multiple functions: detection and identification, incident triage
- Actively support the projects' mission by providing solutions, skills and experience
- Provide support during internal and external audit activities
- Integrate and share information with other analysts and other teams
- Actively interact with the SOC Level 1 team and the CERT team on a daily basis, providing support to improve the quality of the services
- Expand, tune, and enhance SIEM rule-sets to identify security incidents and reduce false positives
- Perform SIEM maturity assessments
- Support in on-boarding activities of new customers or company branch offices
- Support architecture changes and design reviews
- Develop custom parsers
- Develop and maintain custom reports
- Develop and maintain a Use case factory
The ideal candidate will meet the following requirements:
- Strong expertise and experience in enterprise Cyber Security environments and Security Operation Centres
- Advanced knowledge of enterprise SIEM platforms (IBM QRadar preferred)
- Experience working in an 8x5 Security Operation Centre (SOC L2) environment