Job Summary

Trigyn has a contractual opportunity for a Security Operations Analyst (SIEM Technologies). This resource will be working remotely.

Job Description

The incumbent will be part of the Cybersecurity Operations Section (CSO), providing front-line support to the client and other related international organizations in collaboration with a team of information and cyber security experts. The resource will be part of the 24x7 Cybersecurity Operations Centre (CSOC) and will work closely with team members distributed around the globe to monitor, detect, triage, investigate and respond to cyber threats targeting the client and its partner organizations. Among the activities performed by the CSOC team, the resource will focus mainly, but not exclusively, on the administration and engineering of SIEM platforms.

Responsibilities

- Build, adjust and implement analytics and detection rules for SIEM, EDR and AV in close collaboration with the rest of the team.
- Participate in cybersecurity architecture reviews of new or existing technical solutions and, under guidance, provide recommendations for improvement.
- Work directly with cyber threat intelligence analysts to convert intelligence into useful detection rules.
- Collaborate with the incident response team to rapidly build detection rules and signatures as needed, and maintain and improve existing detection rules.
- Contribute to the preparation of KPIs for cybersecurity operations capabilities.
- Monitor, triage and investigate security alerts across Microsoft security tools, AWS, SIEM platforms and EDR solutions.
- Identify root causes, direct remediation and recovery actions, and support incident response efforts.
- Follow structured analytical processes and collaborate with other analysts and teams to ensure effective threat management.
- Prepare and present security reports, summaries and findings to clients.
- Contribute to the improvement of CSOC processes and procedures, including quality control procedures, documentation and knowledge base updates.
- Gather the necessary information from the client to identify opportunities for allowlist tuning and optimization, reducing false positives and improving detection quality.
- Review feedback and implement corrective actions to maintain service excellence.
- Provide other ad hoc support as required.
- Participate in the on-call rotation.

Required Technical Skills

- Minimum of five (5) years of relevant experience in the information technology field, including triage of alerts and support of security incidents.
- Proven experience administering a SIEM platform, preferably Splunk or Microsoft Sentinel.
- Proven experience with the usual SOC toolbox (e.g., SIEMs, EDRs), with the ability to autonomously perform technical analysis of security threats and collaborate with the incident response team.
- Deep knowledge of Microsoft security tools (e.g., M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Microsoft Sentinel and XDR).
- Deep knowledge of cloud technologies (Azure, AWS and GCP).
- Deep knowledge of SIEM tools such as Splunk, QRadar, ArcSight, Microsoft Sentinel and the ELK Stack.
- Knowledge of at least one EDR solution (Microsoft Defender for Endpoint, CrowdStrike).
- Knowledge of the Transmission Control Protocol / Internet Protocol (TCP/IP) suite.
- Knowledge of email security, network monitoring and incident response.
- Knowledge of Linux, macOS and Windows.
- Expert knowledge of English, both written and spoken.

Desired Technical Skills

- Experience building SIEM architectures from initial design to implementation, including designing data ingestion pipelines for diverse log sources across cloud and on-premises environments.
- Proven knowledge of monitoring AWS environments (IaaS, SaaS, PaaS).
- Knowledge of at least one general-purpose or shell scripting language (e.g., Ruby, Bash, PowerShell, Python).

Required Soft Skills

- Excellent communication skills.
- Customer-facing experience and oral communication skills.
- Ability to write documentation and reports.
- Creativity and the ability to find innovative solutions.
- Willingness to learn on the job.
- Conflict management and cooperation.

Desirable Certifications

- Technical certifications: MCSE, CCNA, Microsoft Azure (e.g., SC-200), GCIH, CEH, GCFA or any GIAC or similar certification.
- Relevant industry certifications.