SOC Analyst Tier II
Cyber Security Researcher
• Cyber security professional with a minimum of 3 years of cyber security research experience.
• Must possess strong verbal and written communication skills in English.
• Have a broad understanding of the cyber security domain and common related technologies and tools.
• Have excellent understanding and hands-on experience with identifying and exploiting common security vulnerabilities, including OWASP-Top-10.
• Be able to assess web applications, with emphasis on RESTful APIs.
• Have good understanding of network infrastructure and protocols.
• Be able to understand complex code and write scripts.
• Have hands-on experience with assessing and exploiting at least one of the following domains:
• Private/public cloud and micro-service architectures (IaaS, PaaS and SaaS)
• Mobile infrastructure and applications (iOS/Android)
• Linux Kernel, containers, container runtime, and orchestrators
• Low-level systems and reverse engineering, with emphasis on exploitation
• The SDLC process with emphasis on threat modeling of complex systems
• Infrastructure and network communication analysis
• Research of proprietary protocols.
Senior Security Engineer
• Engineering, implementing and monitoring security measures for the protection of computer systems, networks and information.
• Designing computer security architecture and developing detailed cyber security designs.
• Identifying and defining system security requirements.
• Analyzing security systems and seeking improvements on a continuous basis.
• Researching weaknesses and finding ways to counter them.
• Developing best practices and security standards.
• Assisting colleagues with cybersecurity, software, hardware or IT needs, while providing direction and solutions for security threats.
• Reporting possible threats or software issues.
• Finding cost-effective solutions to cybersecurity problems.
• Understanding cloud, software, hardware and internet needs while adjusting them according to our unique business environment.
• Ensuring timely and adequate response to threats/alerts including off-hour support.
• Enforcing security policies and procedures concerning cloud infrastructure.
• Ensuring that necessary controls and processes exist to appropriately correlate and assess security events while mitigating identified vulnerabilities in all environments.
• Evaluating new technologies for improving security and network performance.
• Improving security controls and safeguards according to new threats.
• Supporting security event monitoring and incident response.
• Conducting security incident and event investigation and analysis.
• Participating in systems design to ensure implementation of appropriate technical security policies and technology across all layers.