CSOC Tier 3 Analyst - Financial Company

勤務地 東京都
雇用形態 正社員
給与 ¥12000000.00 - ¥14000000.00 (年収)
専門 テクノロジー・デジタル・通信,
職種 情報セキュリティ/サイバーセキュリティ/ITリスク・ガバナンス,
お問合せ Arshad Azad
JOB ID JO-2205-470608

☑Foreign business
☑English language required
☑Japanese language required
☑Remote

[Position]
Cyber Security Operations Center (CSOC) Tier 3 Analyst

[Company Description]
Global Financial Company

[Responsibilities]
We are looking for a talented manager level professional to work for the Cyber Security Operations Center (CSOC) which is part of the corporate function of Information Security Office (ISO).

The candidate will be functioning as the first line of defense for the company. This position is much more than just watching an incident queue. You will have the opportunity to develop integrations, correlations, and SIEM content to better protect the environment.

The CSOC, and the larger ISO, are dynamic teams that look for self-motivated talent, meaning the CSOC will embrace and leverage the background and skill sets you bring to the table to better protect the overall organization.

Ideal candidates will enjoy solving complex security incidents in a fast-paced Information Security environment. Candidates would utilize their background in networking, operating systems, and security tools/knowledge to not just remediate any incidents that arise; also work with the CSOC Directors and members to create custom detections, alerts, and reporting to further improve the capabilities of the CSOC.

Ideal candidates are comfortable working in a potentially high stakes environment, while working off potentially incomplete/not ideal information/conditions. Being a high-tier Analyst, this position is expected to help the CSOC Director in leading the team of Analysts, potentially functioning as a site/shift lead, performing peer review, and helping to roll out new processes to the team. This position is expected to be actively involved in the direction and improvement of the CSOC, given the candidate's technical depth, as well as their knowledge of day to day operations. Candidates will be working under an experienced management team that has collectively over 25 years of InfoSec experience and has lived the life of an Analyst. Besides the more traditional SOC work event investigation/management, the candidate will have opportunities to become involved in the configuration of the tools/products used by the CSOC to better the CSOC as a whole. By joining the CSOC the candidate will have the opportunity to not just join a rapidly evolving team but provide their input towards the direction of the organization. Additionally, we believes in keeping up/expanding the technical and soft skills of our CSOC team members as they progress.

  • Analyze potential security incidents to determine impact/scope of the incident, leading the team through complex analysis and incident response activities.
  • Follow and help create Incident Response procedures to perform preliminary log collection and incident investigations, determining the cause of the security incident, containing the threat, and building protections against future infections.
  • Interface and drive response/project work forwards with technical personnel and other teams in the ISO as well as the larger organization as required.
  • Follow and help create escalation procedures to counteract and contain potential threats.
  • Appropriately inform and advise CSOC Director on incidents and incident prevention, while helping to coordinate the Analyst Team and while functioning as site/shift lead(s).
  • Drive documentation improvements of CSOC processes/tools/knowledge based upon observations and feedback from the Analyst Team.
  • Lead and plan knowledge sharing with Analysts while developing solutions/processes/detections efficiently.
  • Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis (e.g., SIEM, IPS, firewall, EDR, Advanced malware detection etc.).
  • Help lead the Analyst Team to leverage the toolset to investigate incidents using computer/network forensic techniques to reconstruct events, identify unknown intrusions through use of indicators of compromise, and to identify and track any lateral movement.
  • Candidate is expected to help lead interactions with other team members, management, and other IT teams (Workstation, Network, Server, Cloud, etc.).
  • Maintain the integrity and security of enterprise-wide cyber systems and networks by coordinating internal team and larger our resources during enterprise triage/incident response efforts.
  • Utilize a deep understanding of attack signatures, tactics, techniques, and procedures associated with advanced threats, while using security domain knowledge to improve our defenses/detection mechanisms.
  • Assist the CSOC Director in briefing the senior management.
  • Drive our automation and programmatic improvement of cyber response processes forwards.
  • Working closely with the Threat Hunting and the Cyber Threat Intelligence teams to operationalize new use cases, detections, and intelligence.
  • CSOC team provides 24x7x365 support, this position will work in CSOC Tokyo office, follow Japan shift hours fundamentally.

[Requirements]

  • Bachelor's degree in Information Technology, Information Security, Computer Science, or a related discipline; OR 4 years equivalent direct work-related experience in lieu of a degree
  • Experience (5+ yrs.) in a corporate IT environment in addition to a degree
  • 3+ years working in Cyber Security Operations, preferably 2+ years working in the higher tiers of SOC.
  • Deep understanding of IT Security practices/programs/tooling, with demonstrated examples of driving initiatives forwards.
  • Documentation/process experience, in IT, Cyber Security, and a SOC environment.
  • Advanced oral and written communication skills demonstrated in an IT or security related area.
  • Advanced and in-depth problem solving & analytical skills demonstrated in an IT or security related area, preferable in a SOC/IR environment.
  • Deep understanding of networking concepts and tools, demonstrated exposure/expertise a plus.
  • Team player that cannot just work with team members and businesses partners around the world in different time zones and with a diverse cultural background while being respectful of local customs, but also help lead said groups.
  • Demonstrated passion about the information security field and cyber defense, including commitment to training, self-study, and maintaining proficiency in the technical cyber security domain.
  • IT Security certifications (e.g., Security+, GSEC, GCIH, GMON, GCTI, GNFA, GCWN, GREM, OSCP, other advanced cyber security certifications, etc.).
  • Innovative and willing to raise unique/original ideas.
  • Knowledge of Splunk (ES & Phantom) / Splunk certifications a huge plus. Exposure to/knowledge of other SIEM/SOAR tooling a plus.
  • Demonstrated previous systems, cloud, endpoint, networking, server, deep knowledge. Administration of said tools/systems a plus.
  • Scripting background (Python, Perl, bash, etc.) a huge plus.
  • Familiarity with sandboxing solutions and malicious file analysis a plus. Prior work with malware labs/sandboxes a major plus.
  • Automation experience a major plus, especially in a SOAR or SOC/IR context.
  • Demonstrated exposure to Cyber Threat Intelligence and its operationalization with a security operations environment.
  • Business level of Japanese and English is a must. Fluent in Japanese or English is preferred. Work experience with Japan is very much preferred.

[Language Requirement]

  • English Language level: Business level
  • Japanese Language level: Fluent - Native Level (Equivalent to JLPT N1)
  • Work permission in Japan required

[Salary]
12-14 million JPY

[Welfare]
Social insurance

[Holidays]
Full 2 holiday week system (Sat/Sun) national holidays
New year's holiday
Annual Leave

Please click "apply" if you are interested in the job.
We will review your profile and contact you within five business days should we find that you satisfy the requirements of the hiring company.
Further details about the company and position will be notified at a later date.

Reference:JO-2205-470608
#LI-REMOTE
Seniority Level: Mid-Senior level
Job Function: Information Technology, Analyst