We are looking for a SOC L3 Analyst to be part of our SOC/CERT team, supporting, monitoring and resolving alerts.

What are we looking for?

We are looking for people with a technical education (Bachelor's degree in Computer Science, a related field, or equivalent) and a minimum of 4 years of experience monitoring security events at L2-L3. Fluency in English and Spanish is required.

Candidates with an understanding of the incident management cycle would be ideal, as well as the necessary experience and knowledge of:
- SIEM: MS Sentinel.
- EDR: SentinelOne / MS Defender (I would need one of them).
- WAF: Imperva.
- CASB: MS CloudApps.
- Phishing analysis (desirable: Cofense Triage / Proofpoint TAP).
- Security elements (IDS-IPS / Firewall / Palo Alto / Fortinet).
- Knowledge of Windows security events.
- Ticketing: ServiceNow.
- Good knowledge of networking: flows, logs, ports, services, layers, protocols, etc.
- Solid knowledge of system administration: Windows and Linux (auth, schedulers, services, ports, etc.).
- Advanced knowledge of log administration: log levels, syslog, CEF, rsyslog, logstash, kafka, parsing, conversion, enrichment, etc.
- Comfortable with Azure products in general and with Azure Sentinel in particular.
- Experience working with other IT teams to integrate new log sources into the SIEM.
- Advanced knowledge of scripting and DB query languages: Python, PowerShell and KQL (Kusto Query Language).

Any of the following would be a plus (and/or):
- Master's degree in cybersecurity.
- Relevant certifications.
- Experience and knowledge in OT: Nozomi.
- A degree of disability higher than 33%.

What challenges and tasks can you find in this job?
- Review and analyze events from various security devices (NIDS, HIDS, IDS, IPS, firewall, WAF, SIEM, etc.) for level 2-3 incidents.
- Communicate any suspicious activity, incident or alert and follow it up from initial treatment to resolution.
- Manage automated vulnerability analyses (Nessus, Acunetix, WPScan, others).
- Identify, analyze and program security alerts.
- Contribute to maintaining the company's infrastructures.
- Support the SIEM; learn, adapt to and document its (very) rapidly evolving environment.
- Analyse, troubleshoot and remediate issues with the SIEM, the log collectors and the network sensors.
- Develop and upgrade Azure Sentinel workbooks, analytic rules, reports and log parsers, and integrate correlation logic into the Incident Response processes.
- Provide support for the different components of the SIEM: IDS/IPS (Suricata), log parsing/normalization routines, rules engine, log storage, log source devices, log collection and event monitoring.
- Automate all that can be automated: Python, Celery, Logic Apps, Automation Accounts, ...

Nice to have:
- Monitor and recommend improvements based on observed events and incidents detected by the SIEM related to: network, applications, databases, systems and endpoints.
- Help develop the in-house SOAR ecosystem: git, Django, Celery, RabbitMQ.

What are we offering?

Type of contract: indefinite full-time contract (Monday to Friday).
Location: indifferent (fully or hybrid remote).
Salary: to be determined.
Flexible Compensation Plan (food card, transport card, medical insurance, kindergarten voucher and training).
Work-life balance: flexible work environment.