---

---

Location

Valencia | Spain

---

Job description

The Security Operations Analyst position ensures the ongoing effective operation of the vulnerability management platform, prioritizes vulnerabilities in the environment, communicates vulnerability status to stakeholders, and ensures effective integration with other tools and systems in the UNICC environment.

Security Operations Analyst main duties are:

• Capability to handle Security Alerts escalated by Tier1 and to ensure the escalation process is done right.
• Capability to perform security investigations based on SIEM/EDR/AV or even external tools
• Capability to collaborate in order to reduce false positives
• To be able to understand Windows AD server security logs and AD User management
• Vulnerability Management tools knowledge
• Capability to run ad hoc scans when required
• To check and manage vulnerability scan reports and providing insights based on such report (e.g: TOP10 CVE, TOP10 Hosts, etc)
• Antivirus and EDR
• To be able to investigate issues and threats by using such tools and extract data/KPI
• Other operational tasks

Required Technical Skills:

The resource MUST have the following skills and experience:

• 10 years of relevant IT experience with at least 4 of those years in vulnerability management.

• Proven experience with network vulnerability scanning and vulnerability management products (e.g. Qualys Guard, Rapid7, Nessus).

• Proven experience with web application security testing tools (e.g. Burp Suite, NetSparker, Paros, Acunetix, Qualys WAS).

• Proven experience with configuration management/ hardening tools based on CIS Benchmarks (e.g. CIS-CAT Pro, Qualys SCA App, Nessus audit files etc…)

• Proven experience developing scripts and automating process (e.g. Python, Powershell, Ansible)

• Strong working knowledge of UNIX/Linux and Windows operating systems including web server technologies like IIS, Apache.

• Knowledge of IT security architecture/infrastructure best practices for both on premise and cloud environments.

• Knowledge of public-key cryptography, encoding, encryption, and hashing techniques.

• Knowledge of IT security / hardening best practices; including but not limited to operating
systems, web applications, and network devices.

The resource SHOULD have the following skills and experience:

Experience in implementing cyber security controls to achieve compliance with ISO 27001 and other cyber security control frameworks.

Required Soft Skills:

• Strong analytical and problem-solving skills.

• Ability to act calmly and competently in high-pressure, high-stress situations.

• Excellent written and verbal communication skills, interpersonal and collaborative skills.

• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.

• High level of initiative, accountability, attention to detail, ability to follow processes and to work with little supervision.

• Proactive, flexible attitude to work with a willingness to constantly review and improve skills and process.….

Desirable certifications:

• Experience in working in a distributed multi-cultural environment.
• Project management skills and ability to manage multiple projects under strict timelines.

Education/certifications:

Graduation from secondary school supplemented by specialized training and work experience in Cyber security/IT Security.

• Bachelor’s degree in Computer Science, Engineering or equivalent work experience required.
• GCIH, GCIA, GPEN, GWAPT, GAWN, GMOB, OSCP, OSEP, OSWP, OSWE, OSCE, CISSP, CCSP, ITIL Certifications.

Languages:

• Expert knowledge of English is required.
• Knowledge of another UN language is desirable.

Teleworking Option:

☒ Yes, up to 5 days per week.

On-call requirements:

☒ May be required on an exceptional basis

#J-18808-Ljbffr

---

Job tags

---

---

Salary