Date: Jun 13, 2019
We are now looking for an Information and Communication Technology (ICT) Security Specialist. In this role, you will ensure proper protection of information assets, accessed through the Ericsson IT environment. You will be a key player by providing IT security operations, expertise, support and solutions, based on the IT Security requirements and enabling compliance with applicable internal /external requirements, laws, regulations and standards.
- Co-ordinate Security Monitoring and Incident Handling efforts across multiple business units during response.
- Perform hunting exercises using threat intelligence, analysis of anomalous log data and results of historical events and data to detect and respond to threats.
- Develop anomaly detection dashboards and reports to identify potential threats, suspicious activity and intrusions.
- Monitor for security indicators by correlating and analyzing a variety of application, network and host-based security logs and determining the correct remediation actions and escalation path for each incident.
- Assist with the development of processes and procedures to improve security operations functions, incident response times, analysis of incidents, and overall SMIH functions.
- Create repeatable processes for continuous testing and monitoring of IOCs following proven methodology.
- Develop scripts, processes and content to improve detective capabilities.
- Research industry trends, identify ongoing security threats, analyze new security tools and provide recommendations on the need and usefulness of services and/or products. Evaluate and recommend new and emerging security solutions and technologies.
- Knowledge of the chain of custody process and properly securing evidence.
- Effectively communicate security concepts with both technical and non-technical individuals.
- Provide information regarding intrusion events, security incidents and other threat indications and warning information to teams and leadership as part of incident response. Author post-mortem reports to be provided to senior leadership.
- Manage the performance of security operations (24 x 7, 365 days per year) and ensure that operational objectives are achieved.
- Good knowledge of processes, metrics and IT Security controls. Ability to create new processes and reporting matrices as and when required.
- Responsible for executing the Ericsson IT Security process.
- Identify and drive process improvements in Security Operations and Incident Response, and take them through to implementation.
- Develop less experienced (L1 and L2) team members to improve their technical and problem-solving skills.
- Good knowledge of security tools and technology such as Network IDS/IPS, Firewall, Host IDS / IPS, Antivirus, Windows Active Directory and Linux Operating System.
- Acquire and analyze the triage on all incidents to rapidly diagnose problems and identify immediate treatment.
- Perform detailed security event analysis, event investigation and validation, correlation and trending to ensure threats are identified and escalated accordingly.
- Investigate and find root causes of incidents and document the lessons learned.
- Provide a recommendation plan to coordinate/support the incident response process for remediation.
- Good technical skill in malware analysis and reverse engineering.
- Perform root cause analysis, trending and reporting for critical security incidents.
- Develop and implement use cases for security event and incident management (leveraging SIEM solutions and other technologies).
- Identify technologies and solutions related to infrastructure and business applications that are to be monitored for security threat detection.
- Analyze and contextualize threat intelligence feeds (zero-day vulnerabilities, malware, etc.) and provide applicable solutions to implement protective controls and/or countermeasures.
- Perform analysis and identify opportunities to tune and improve the efficiency of SIEM, IDS/IPS, malware detection technologies, and other technologies related to detecting emerging threats.
- Develop and execute a continuous improvement plan to optimize and improve the efficiency of various cyber defense technologies.
- Perform routine security functions for risk detection, prevention, and response.
- Demonstrate technical skills in security architecture review, secure network design review, gap analysis and opportunities to fine-tune and/or integrate security technologies.
- Experience in IT Security and risk management. IT Security related certifications such as CEH, CISSP, CCSK, CHFI or an Incident Response certification are an added advantage.
- Knowledge of traditional Endpoint, Network, Perimeter and Endpoint Detection and Response security product solutions from Symantec, McAfee, Cisco, Check Point, Juniper, FireEye and Carbon Black.
- Good administration and troubleshooting skills on two or more of the technologies mentioned above are desired.
- Ability to write scripts/code using Python, Perl, PowerShell or an equivalent language.
- Experience with forensics tools such as X-Ways, F-Response, Volatility and Rekall.
- Understanding of privilege escalation, persistence and lateral movement techniques. Understanding of host and network incident response processes, tasks and tools.
- Exposure to Windows, Linux and Open Source Intelligence
- Excellent technical documentation skills
- Extensive knowledge of security risk assessment and implementation of solutions.
- Learning and Researching
- Bachelor’s degree or a Master’s degree.
- 7 to 12 years of experience, with at least 8+ years of experience in IT Security Operations/Cyber Security Operations.
- Ability to work at odd hours
- Interested in Technology and Communication.
- Good documentation skills
- The ability to work constructively under pressure.
- Flexibility and ability to work both in a team as well as individually.
- Excellent written and verbal communication skills, including presentation skills, are important.