SOC Analyst (Tier 2) - Incident Handler

Job description

About Company
Snapp is the pioneer provider of ride-hailing mobile solutions in Iran that connects smartphone owners in need of a ride to Snapp drivers who use their private cars offering transportation services. We are ambitious, passionate, engaged, and excited about pushing the boundaries of the transportation industry to new frontiers and being the first choice of each user in Iran.

About the Team
Snapp Security Team is in charge of dealing with security incidents and defending Snapp services and assets. We have team members from different areas of expertise. The team's atmosphere is very dynamic and supportive, and its members are eager to learn/teach from/to each other.


About the Role
The SOC Analyst plays a vital role in keeping an organization's proprietary and sensitive information secure. He/she works across departments to identify and correct flaws in the company's security systems, solutions, and programs while recommending specific measures that can improve the company's overall security posture.


Responsibilities:
  • Support or contribute to the different stages of the incident response process for confirmed incidents
  • Support and contribute to the execution of incident simulation exercises to validate and improve the overall incident response capabilities
  • Help us create meaningful alerts from events
  • Operate and optimize security processes and tools
  • Develop incident response playbooks
  • Handle security incidents/alerts, investigate the root cause in collaboration with other Security teams, establish corrective controls, and minimize the impact
  • Investigate breaches, gather evidence, and analyze data
  • Correlate actionable security events from various log sources and Threat Intelligence (TI)
  • Maintain and enhance our security monitoring toolkit (SIEM, sensors, etc.)
  • Create, improve, and implement security detection techniques within our SIEM
  • Help us identify malicious activities within our network, which our current toolset might not cover
  • Work as part of a team to deploy and maintain secure and reliable network architecture as well as server/system security best practices
  • Build security tooling and automation for internal use that enables the Security Department to operate at high speed and wide-scale
  • Participate in team problem-solving efforts and offer ideas to solve the issues
  • Advise and support the company in all security-related matters

Requirements


  • Strong understanding of Information Security
  • Strong analytical and creative problem-solving skills
  • Experience with digital forensics and malware analysis would be an advantage
  • Strong knowledge of system/network security and security best practices (network ACLs, authentication mechanisms, OS hardening)
  • Strong knowledge of Linux-based operating systems and their security-related components (overall architecture, system calls, auditd)
  • Good knowledge of IDS/IPS, WAF, endpoint security, etc.
  • Good knowledge of host security
  • Deep knowledge of Threat Intelligence
  • Python (or similar) coding skills
  • Experience with SIEM or any other log analysis solutions
  • Experience in Docker and Kubernetes environments would be an advantage

Preferred Qualifications
  • 5+ years of operational experience in Information Technology & Information Security
  • Good written and verbal communication skills in English
  • University Degree in Computer Science, Computer Engineering, or other relevant fields
  • Certifications such as CEH, Security+, or SANS would be considered an asset
  • Good interpersonal communication and presentation skills
  • Ability to be a team player
  • Ability to work effectively in multiple cultures and at a range of levels
  • Ability to constantly build up skillset using a mix of self-motivated and course-based learning environment
  • Ability to work independently, proactively to see the big picture, and work through solutions as needed
  • Good knowledge of Windows, Linux, databases (MySQL, NoSQL), anti-malware, IDS, and other security technologies
  • Basic understanding of virtualization and software-defined data center concepts
  • Knowledge of the OSI reference model and networking fundamentals (switching, routing, load balancing, firewalling)
  • Understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS
  • Basic understanding of the cryptographic functionality within such protocols would be an advantage

Perks and Benefits
  • Commitment to diversity
  • Health insurance
  • Remote working
  • Competitive salary
  • Monthly Snapp credit
  • Generous vacation policy