Job offer
Security analyst
We are currently looking for a Security Analyst for our client, a leading IT company in Dublin.
Responsibilities
What we will do for you
- On a daily basis, you'll find the most malicious attacker activity the Internet has to offer
- Let you scour systems and analyze tons of network traffic looking for attacker presence
- Be Challenged to evolve how we detect and respond to attackers by authoring new and innovative Indicators of Compromise
- Expose you to some of the most exciting and cutting edge techniques to find evil
- Training and continuous coaching and mentoring to grow your technical and professional skills like no one else
- Work with a team of brilliant people that you can learn from and build lasting relationships with
- Develop an understanding of your aspirations and provide opportunities that we believe will get you there
- Inspiration to stretch your performance by allowing you to tackle seemingly impossible problems
- Encouragement challenge the status quo, think creatively, and innovate –make us better
- An environment of trust and camaraderie, where you can speak freely about your ideas
- A platform from which you can make a real impact against the bad guys
- Develop an understanding of, and be flexible to, your needs
What you can do for us
- Get your toolbox out and dive deep into systems to help us identify and eradicate attackers
- Use your insanely keen network analysis skills to find evil on the wire
- Define relationships between seemingly unrelated events through deductive reasoning
- Come up with ways to do things faster, better and more effectively while maintaining a laser focus on quality
- Be fanatical about delighting our customers
- Be honest, transparent and genuine with our customers and your peers
- Exude excellence
- Make sure you have fun – lots of it
- Help us protect the world
- Work hard, but smart; balance your work and life
What you can bring with you
- The ability to analyze event and systems logs, perform forensic analysis, analyze malware, and other incident response related data, as needed.
- Deep understanding of incident response best practices and processes
- Familiarity with intrusion detection systems (e.g., snort) and tools (e.g., tcpdump, Wireshark).
- Knowledge of attack vectors, threat tactics and attacker techniques.
- Familiarity with network architecture and security infrastructure placement.
- Understanding of Windows operating systems and command line tools.
- A solid foundation in networking fundamentals, with a deep understanding of TCP/IP and other core protocols.
- Knowledge of network based services and client/server applications.
- Your bachelors degree – or a very convincing argument.
Additional qualifications
- Degree in computer science, or related discipline
- Experience working on a mission critical security operations team, preferably 24x7.
- Exemplary communication and interpersonal skill.
- Ability to document and explain technical details clearly and concisely.
- A willingness to be challenged and a strong desire to learn.
- An open mind and an appetite for excellence
Network
- Wireshark
- Understand a signature
- Protocol - timing, data sizes, commands
- Context - inbound vs outbound (webshells), DNS servers vs HTTP proxy
- Components - C2 interaction vs beaconing vs profiling
- Knowing the Internet - identifying something as legitimate vs malicious
- Intel querying vs OSINT
- Knowledge of protocols - SMB, HTTP Proxy, DNS, ICMP
- Netflow Analysis
- Perform queries to gain additional context
- Understanding ports, sessions length, direction
- DNS & HTTP
- Collect and analyse DNS/HTTP logs for additional context
- Signatures
- Identify issues with signatures and propose improvements
Endpoint
- Hit Review
- Understand a signature
- IOCs intent - what it's looking for, what it hit on, caveats
- Context - malware, decoy, side-loaded DLL (legit binary), tools, methodology
- Triaging
- Collecting forensic information to determine TP vs FP
- Malware triaging - assessing MTA and performing dynamic analysis in VM
- Signatures
- Identify issues with signatures and propose improvements
- Live Response
- Build LR timelines under supervision
- Threat Intel
- Understand how malware and tools are used by the threat actors