Job Requisition ID: RP1006295
Job Title: Intrusion Analyst
Job Type: Full-Time
Location: Warsaw, Poland
Job Description:
Position Summary:
You will actively investigate potential successful and unsuccessful intrusion attempts and compromises, malware infections, as well as a variety of other security incidents and provide the team with the impact of the threat, your assessment of the incident, as well as recommendations.
Primary Responsibilities:
Perform IT security intrusion monitoring and incident response.
Monitor and analyse Intrusion Detection Systems (IDS) to identify security events.
Recognise potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
Review security-related events and assess their risk and validity based on available network, endpoint, and global threat intelligence information.
Create, modify, and update IDS/IPS and Security Information Event Management (SIEM) tool rules in Splunk.
Evaluate/deconstruct malware (e.g. obfuscated code) through open-source and vendor-provided tools.
Assist with implementation of countermeasures or mitigating controls.
Evaluate change requests and assess organisational risk.
Prepare briefings and reports of analysis methodology and results.
Create and maintain Standard Operating Procedures and other similar documentation.
Responsible for upholding F5's Business Code of Ethics and for promptly reporting violations of the Code or other company policies.
Perform other related duties as assigned.
Knowledge, Skills and Abilities:
Experience with and expert understanding of at least one of the following operating systems (Windows, Linux, Mac OS) at a filesystem level.
Fundamental Internet protocols, services and technologies (e.g. HTTP/HTTPS, DNS, SMTP, SSH, LDAP, TCP/IP, UDP, ICMP, JSON, REST, etc.).
Common security controls (e.g. firewalls, proxies, IDS/IPS, WAF, etc.).
Experience with and understanding of:
- Malware and exploit kit functionality.
- Operating system and application exploits.
- Lateral movement, living-off-the-land, and persistence establishment mechanisms.
- Detection of anomalous system activity.
- Incident response and incident handling processes.
Strong technical communication skills, both written and verbal; attention to detail and great organisational and time management skills.
Excellent problem-solving skills that allow you to diagnose and troubleshoot technical issues.
Courage and willingness to challenge conventional wisdom.
Ability to research and characterise security threats including creating appropriate countermeasures.
Demonstrated track record of identifying and pursuing strategic and complex areas of security research in collaboration with internal and external stakeholders at all levels, including defining appropriate policies, practices, and countermeasures.
Host-based security tools.
Network-based security tools.
Malware analysis sandboxes and tools.
Experience with one or more of the following platforms: Carbon Black, FireEye, Splunk, etc.
Qualifications
2 to 5 years of relevant experience or equivalent combination of education and work experience.
Physical Demands and Work Environment:
Duties are performed in a normal office environment while sitting at a desk or computer table.
Duties require the ability to utilise a computer, communicate over the telephone, and read printed material.
Duties may require being on call periodically and working outside normal working hours (evenings and weekends).
Jobs may be performed on-site at a remote facility or data centre, or in an office environment while sitting at a desk or computer table.