A. Cyber Security Responsibilities:
• Understand basic concepts such as networking, applications, and operating system functionality and be able to collaborate with other analysts to investigate security events, contextualize them with available intelligence, and identify potential threats.
• Transform event information and raw data into compromise reporting, acting to identify and halt active intrusions. Understand the operational security controls needed to detect, remediate, and prevent compromises. Candidates will need to apply their forensics, log analysis, and malware triage skills to solve complex intrusion cases.
• Maintain a strong understanding of network protocols, security appliances, and the data that traverses both.
• Functional knowledge of host-based forensic artifacts across as many operating systems as possible: Windows, Linux, macOS.
• Consolidate technical artifacts and indicators into meaningful scale, impact, and remediation guidance.
• Analyze an ever-changing threat landscape creatively and dynamically, connecting disparate events into overarching incidents that may represent a larger threat than any individual event does alone.
• Foundational knowledge of vulnerabilities, exploitation, lateral movement, command and control traffic, attacker methodologies, application whitelisting bypasses, and legitimate service abuse.
• Responsible for intelligence gathering and for updating the threat intelligence data pipeline.
• Perform independent threat analysis.
• Contribute to threat alerts & advisories.
• Responsible for development of internal systems and tools.
B. Cyber Security Qualifications:
• Ability to analyze event and system logs, perform forensic analysis, analyze malware, and work with other incident-response data as needed.
• Deep understanding of incident response best practices and processes.
• Familiarity with intrusion detection systems (e.g., Snort) and tools (e.g., tcpdump, Wireshark).
• Knowledge of attack vectors, threat tactics and attacker techniques.
• Familiarity with network architecture and security infrastructure placement.
• Understanding of Windows operating systems and command line tools.
• A solid foundation in networking fundamentals, with a deep understanding of TCP/IP and other core protocols.
• Knowledge of network-based services and client/server applications.
• Proficient in TCP/IP networking and security.
• Good knowledge of vulnerability analysis, information warfare, botnet analysis, and botnet propagation techniques.
• In-depth understanding of TCP/IP, DHCP, DNS, IPsec, RPC, SMB, SSH, SIP, SMTP, IMAP, IRC, HTTP/S, fast-flux, NetFlow, SNMP, and syslog.
• Basic understanding of Google Apps APIs (Maps, Charts).
• Good knowledge of log analysis.
• Good knowledge of Apache Kafka, Mesos, Docker, Elasticsearch, and Apache Storm.
• Good knowledge of open source intelligence and information gathering.
• Technical writing.
C. Cyber Security Certifications:
GCIH, GCIA, GCFA certificates, if available.
D. Nationality: Arab nationals, Algerians, Moroccans, East/West Europeans, South Africans, or any other nationality based in Qatar with transferable residency.