
Security Operations Analyst :: Remote at Remote, Remote, USA
Email: [email protected]
http://bit.ly/4ey8w48
https://jobs.nvoids.com/job_details.jsp?id=2295099&uid=

Role: Security Operations Analyst - L3
Work Location: Remote is fine, but work/shift timing will be California time
Technical Requirements / JD:

Query & Investigations:
Extensive experience in SIEM query building, complex query writing (such as subqueries, conditions, etc.), data pivoting (via queries, Excel, Notepad++, etc.), and data parsing and manipulation.

Cyber Investigation and Threat Hunting Skills:
Understanding of how to investigate different types of attack/compromise scenarios and isolate the associated risks (and enumerate potential CoAs and response actions, such as network-containing hosts, reimaging assets, rotating accounts, revoking tokens, resetting sessions, etc.). The response actions should be tailored to the risk, dictated by the indications of compromise identified and by the specific attack scenario identified (e.g. advanced malware, info-stealers, phishing, malicious links in email, ransomware, hacking software such as Mimikatz, Cobalt Strike, Meterpreter, Impacket, PowerShell Empire, AD enumeration tools, etc.), as indicated by the monitoring content that triggered (i.e. the security event).

Threat Intelligence:
General understanding of threat actors (criminal organisations, advanced persistent threat actors including other sovereign nation states, ransomware groups), their targets/victims and verticals, TLP ratings, and the integration of intelligence into cyber operations and how to use it, etc.

CyberOps Toolset:
Should have an advanced understanding of the following toolsets, by category (not brand), and be able to demonstrate that experience and depth of understanding in the interview:

EDR: process trees, disk operations, network connections, command lines run, load and run state of binaries and DLLs, duration, actions applied, process IDs, etc. Also advanced experience running queries in the EDR.

SIEM: as stated above regarding advanced query building/writing and pivoting skills. In addition, should have advanced experience building content rules in the SIEM (per patterns identified).

Sandbox: how to submit various artifacts, links, etc., and how to interpret the reports, which requires an understanding of Windows APIs.

Cloud (both AWS and Google GCP): general knowledge regarding compute (EC2, Compute Engine), storage (S3, Cloud Storage), databases (RDS, Cloud SQL) and serverless computing (AWS Lambda, Cloud Functions). Should be familiar with CloudTrail and GuardDuty datasets and how to investigate and pivot on them.

Email proxy: experience with email-based research and investigation, covering phishing, malicious emails, content, artifacts, downloads and campaigns.

Special Knowledge Sets of Interest to Customer/Industry:

General understanding of AD Domain Controllers: their role, their function, what they store, how authentication is achieved, how service requests are processed, etc.

AD attacks: ntds.dit, golden ticket, pass-the-hash, pass-the-ticket, krbtgt account compromise, how privilege escalation attacks (various techniques) are carried out, etc.

Associated AD attack tools: BloodHound, SharpHound, Mimikatz, ntdsutil.exe, the Impacket suite, etc.

Thanks & Regards,
Trayambkeshwer Dwivedi (Trayam), Sr. Technical Recruiter

Raas Infotek Corporation
262 Chapman Road, Suite 105A, Newark, DE 19702
Email: [email protected]
Website: raasinfotek.com
LinkedIn: linkedin.com/in/trayambkeshwar-dwivedi-792283218

01:46 AM 28-Mar-25