Advanced Monitoring Analyst

Description

Sygnia is a top tier cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide. Sygnia works with companies to proactively build their cyber resilience and to respond and defeat attacks within their networks. It is the trusted advisor and cyber security service provider of IT and security teams, senior managements, and boards of top organizations worldwide, including Fortune 100 companies.

The company draws on top talent from the ranks of elite military technology units and from across the cyber industry and has some of the world’s top talents in cyber security. Described by Forbes as a “cyber security delta force”, it applies technological supremacy, digital combat experience, data analytics and a business-driven mindset to cyber security, enabling organizations to excel in the age of cyber.

Sygnia is looking for an Advanced Monitoring Analyst to join the team of cybersecurity analysts that performs advanced and tailored monitoring activities in post-breach clients' environments. The role includes the development of detection analyses, triage of alerts, investigation of security incidents, proactive threat hunting, and enhancement of sensors and overall visibility status, as well as performing onboarding of new clients. The suitable candidate should be a team player with previous experience in SOC, SecOps, or security monitoring, independent, and with a "can-do" attitude, as well as possessing strong customer-facing capabilities.

The position includes multiple challenging aspects, such as creation of detection analyses, attack scenarios research, team capabilities developments, client interactions, and in-depth investigation, which include host forensics work in both Windows and Linux systems, and cloud environments (e.g., AWS, GCP and Azure).

Main Responsibilities

• Perform Post-Breach monitoring activities in global clients’ environment including in-depth triage of alerts and host forensics analysis.
• Develop out-of-the-box and tailor-made analyses and detection to monitor the clients’ environment, often based on known threat actor tactics, techniques and procedures. This work may include research activities to support the detection development.
• Support major Incident Response engagements with accurate detection after a potential active threat actor in the client’s network.
• Work on maintaining the necessary visibility and log forwarding for the ongoing monitoring engagements, including host-based data, Cloud environments, network devices, etc.
• Apply proactive threat hunting approach in ongoing monitoring engagements, including forensic host and network-based analysis, malware hunt and wide IOC searches.
• Develop capabilities and automations for alerts handling, triage and escalation, visibility maintenance, reporting, and more.
• Onboard new customers by assessing their security posture, tailoring monitoring systems to their environment, and integrating their security frameworks into our services.
• Often work alongside global client’s security personnel when providing regular updates and following-up on alerts and security events.
• Generate and provide reports and metrics on actionable data: incidents, weekly aggregation/trending, follow up procedures, visibility status, etc.

Main Requirements

• 3-5 years of a relevant experience in the cyber security field from military service and/or industry in cyber defense roles.
• Strong analytical thinking, problem-solving mindset and independency.
• Independent, bright and positive analyst, who strive for excellency, and able to succeed in a dynamic environment.
• Basic understanding of the life cycle of advanced security threats, attack vectors and methods of exploitation.
• Hands-on experience working with SIEM technologies. (e.g. Splunk, QRadar, ArcSight, Exabeam, etc.)
• Good familiarity of common data and log sources for monitoring, detection and analysis (e.g., Event Logs, Firewall, EDR).
• Strong technical understanding of network fundamentals, common Internet protocols and system and security controls.
• Familiarity of system and security controls, including basic knowledge of host-based forensics and OS artifacts.
• Proficient knowledge and experience with scripting (e.g., Python).
• Familiarity with cloud infrastructure, web application and servers – advantage.
• Fluent English (written, spoken) – a must.
• Proven expertise in engaging with clients through effective communication and interpersonal skills.
• Willingness to work off hours as required, with a potential traveling to clients