The resource MUST have the following skills and experience:
- Knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols
- Deep knowledge of Microsoft security tools (e.g. M365, Cloud App Security, Azure, Defender for Endpoint, Azure Security, Azure Sentinel and XDR)
- Deep Knowledge of Cloud technologies (e.g. Azure, AWS and GCP)
- Deep knowledge of SIEM tools like Splunk, QRadar, ArcSight, MS Sentinel, ELK Stack.
- Knowledge of at least one EDR solution (MS Defender for Endpoint, SentinelOne, CrowdStrike)
- Knowledge of email security, network monitoring, and incident response
- Knowledge of Linux/Mac/Windows
- A minimum of five (5) years of relevant experience in the information technology field, including triage of alerts and support of security incidents
- Proven experience in reviewing raw log files, data correlation, and analysis (e.g. firewall, network flow, IDS, system logs)
- Proven experience in administering a SIEM platform, preferably either Splunk or Microsoft Sentinel
- Expert knowledge of English, both written and spoken, is required
The resource SHOULD have the following skills and experience:
- Proven knowledge of monitoring an AWS environment (IaaS, SaaS, PaaS)
- Knowledge of at least one general-purpose or shell scripting language (e.g. Ruby, Bash, PowerShell, Python, etc.)
Soft skills:
- Excellent communication skills
- Customer facing experience and oral communication skills
- Ability to write documentation & reports
- Creativity / ability to find innovative solutions
- Willingness to learn on the job
- Conflict management & cooperation
Desirable certifications:
- Technical certifications: MCSE, CCNA, Microsoft Azure (e.g., SC-200), GCIH, CEH, GCFA or any GIAC/similar certification