-
CSIRT Incident Response Consultant -
SIEM (Splunk) Engineer
岗位名称:CSIRT Incident Response Consultant
工作地点:
-
上海
岗位职责:
-
Analyze and process security incident tickets within a structure or an incident response team.
-
Communicate and provide security recommendations to customer services of the incident response unit.
-
Launch the first investigations by following the recommendations L1 and L2 of the SOC.
-
Know the difference tools in order to extract all the necessary information.
-
Escalate alerts: communicate with the entities concerned by providing as much information as possible to push the investigation as far as possible.
-
Propose corrections to the people concerned and advise them to avoid new alerts of the same type.
-
Organization of monitoring on new vulnerabilities, new technologies and attack methods relating to the various components of the IS in all its areas at group level.
-
Consistency of the various vulnerability analysis functions, qualificaiton of security advisories, digital investigations and risk assessment on the IT infrastructure.
-
Organization of the incident response: coordination of actors, participation in the resolution of the crisis, development of communication elements on the state of the crisis. Monitor and coordinate remedial actions.
-
Capitalization and organization of the taking into account of experience feedback following incidents and proposal to improve remediation systems. Integrate and interact with the various CSIRT networks.
-
Make recommendations for bypass and emergency messures and to improve detection capabilities.
-
Being a point of contact between all the entities of the group in order to carry out the investigations in their entirety. Communication with the technical service providers and IS of the group.
技能要求:
-
Good English-speaking skills
-
Detection tools (IDS, IPS, EDR, etc.)
-
Analysis tools (logs, events, etc.)
-
Operational modes
-
Knowledge of the latest vulnerabilities (CERT-FR) and the solutions that can be provided
-
Knowledge of different action supports (servers, workstation, AD, Cloud, mobiles, etc.)
岗位名称:SIEM (Splunk) Engineer
工作地点:
-
上海
岗位职责:
-
Proactively maintain and optimize SIEM instances (primarily Splunk, with some Sentinel) to ensure high perpformance and availability.
-
Respond promptly to customer requests, incidents and SIEM-related issues.
-
Collaborate with cross-functional team to troubleshoot and resolve SIEM problems.
-
Document current configurations, maintenance processes and records.
-
Work closely with customers to understand their requirements and provide effective solutions.
-
Stay current with the latest SIEM features, updates and best practices.
-
Participate in on-call support for urgent issues.
技能要求:
-
English writing is requried. Speaking is a plus.
-
Bachelor’s degree in Computer Science, Information Technology or a related field.
-
3 years of hands-on experience as a Splunk and Sentinel Engineer/Administratior.
-
Splunk or Sentinel certifications as a plus.
-
Strong knowlege of Splunk architecture, SPL and advanced query techniques.
-
Experience in designing, implementing and maintaining SIEM in enterprise and cloud environments.
-
Excellent troubleshooting and problem-solving skills.
-
Ability to communicate technical concepts to both technical and non-technical stakeholders.
-
Proven track record of proactive systems maintenance and optimization.
-
Strong documentation skills with the ability to create clear and comprehensive technical documentation.
Orange Cyberdefense 是 Orange 集团旗下的专业网络安全业务公司,为全球组织提供安全管理、威胁检测与响应等托管服务。作为世界领先的安全提供商,我们致力于保障网络空间安全并构建一个更安全的数字社会。
凭借在信息安全领域超过25年的经验,3000名专家、18个SOC和14个 CyberSOC遍布全球,我们知道如何解决客户的全球和本地问题。在中国,我们的业务涵盖24/7/365安全托管检测与响应中心、渗透测试 、漏洞扫描、补丁管理、遭受网络攻击后的调查取证等,并确保跨国企业在国内满足信息安全相关法律的规定。
联系我们
原文始发于微信公众号(誓联信息 Orange Cyberdefense):招聘网络安全顾问和SIEM工程师!Orange Cyberdefense欢迎您加入!
