Cyber Security, Level 2 Analyst

Job title: Cyber Security, Level 2 Analyst

Company: Carpe Diem , Pakistan


Job description: The Cyber Security, Level 2 Analyst is an established role within the Computer Security Incident Response Team (CSIRT), carrying integral responsibility for recognizing, assessing and mitigating potential cybersecurity threats. The ideal applicant will possess a robust expertise in, as well as enthusiasm for cyber security incident management, threat exploration, and detection engineering. From the viewpoint of incident response (IR), candidates need comprehensive knowledge of IR operations which encompasses familiarity with related tools; proficiency in documenting and adhering to operational protocols; along with excellent written communication skills.You would also be responsible for conducting threat pursuits that necessitate deep understanding of cyberthreat intelligence coupled with awareness about MITRE ATT&CK Framework, alongside proactive abilities to identify emerging hazards. Furthermore, these hunts require intricate investigations working within STN’s SIEM framework plus fundamental experience regarding query languages.In addition, you are expected to apply your previously mentioned hunting capabilities into enhancing detection systems. This involves recognizing opportunities for enhancement on detections contributing towards managing lifecycle development process around it while maintaining collaborative relationships across various sectors like CSIRT’s vendors or offensive cybersecurity groups among others.Finally this position offers chances to build bridges between diverse departments such as Human Resources, Law Department IT, Risk Management Informational Protection Teams etc.,STN Vendors and more. The position within Cybersecurity is a critical component of the CSIRT team, necessitating that whoever fills this role take an active hand in pinpointing and alleviating burgeoning cyber risks. Furthermore, this role implies extensive cooperation with security analysts, incident response teams, and threat tracking experts to comprehend developing threats thoroughly. Such collaboration fosters the conversion of threat intelligence into feasible detection tactics whilst promoting a forward-thinking approach to security measures.This includes, but is not limited to:· Conduct proactive threat hunting exercises to identify advanced and persistent threats within the organization’s network and systems.

• Collaborate with cross-functional teams to develop and refine threat hunting methodologies, leveraging both internal and external threat intelligence sources (OSINT).
• Analyze threat data from various sources, including logs, network traffic, and endpoints, to identify indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with cyber threats.
• Investigate and respond to security incidents, analyzing the scope and impact of breaches, and developing mitigation strategies.
• Craft and refine detection rules, leveraging SIEM platforms, query languages, and custom scripts to develop robust and effective detection mechanisms.
• Create and maintain detailed documentation of threat hunting processes, findings, and incident response procedures.
• Proven ability to analyze and interpret log data from diverse sources, including network and endpoint logs, to identify patterns indicative of security incidents and potential vulnerabilities.
• Produce timely and accurate reports on threat hunting activities, findings, and recommended actions to stakeholders and management.
• Familiarity with a range of industry-leading detection tools, frameworks, and methodologies, ensuring the implementation of a robust and effective detection infrastructure aligned with organizational security objectives.
• Strong understanding of common cyber-attack techniques, such as phishing, malware propagation, lateral movement, and data exfiltration.
• Collaborate with the incident response team to develop and enhance incident response playbooks, ensuring alignment with threat intelligence insights.

JOB RESPONSIBILITIES:Under the general direction of the Information Security Manager or delegate and working with other IT, BST, etc. throughout the firm, the roles will perform the following functions:· Participate as an integral part of the CSIRT Team, Risk and IT in general.· Work closely with CSIRT team people & technology to detect, assess, and communicate cyber threats.· Proactively monitoring and analyze logs via the SIEM for indicators of attack.

• Support threat hunting initiatives, utilizing both internal and external threat intelligence sources, to identify potential threats and vulnerabilities.
• Develop and implement robust detection capabilities by leveraging a profound understanding of behavioral analytics, anomaly detection, and signature-based techniques, ensuring comprehensive coverage across a diverse spectrum of cybersecurity threats.
• Develop and refine threat hunting methodologies, leveraging indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and threat actor profiles.
• Collaborate closely with cross-functional teams to provide timely and relevant cyber threat intelligence updates, contributing to strategic security decisions.
• Drive and shape detection roadmaps, monitor and analyze data to discover and discern trends, threats, and security risks associated with STN assets and information.
• Carry out detection engineering, including detection lifecycle management, tuning & testing detections, and identifying opportunities for new detections.
• Evaluate log sources reporting to the SIEM, including documenting key information and resources regarding log source data, working with log source owners to enhance the CSIRT’s understanding of the use and application of the log source, and identifying gaps in log source visibility or quality.

Maintain up-to-date knowledge of the cyber security industry as it relates to STN including:· Threat Hunting Frameworks & Methodologies· Attacker methods and TTPs

• Detection Engineering
• SIEM query and Tuning detection use cases
• Standards, regulations, and legislation
• Industry best practices
• Threats and vulnerabilities

Provide input and represent STN and client interests in the areas of:· Threat Hunting, Incident response and investigation· Incident response management for client security incidents

• Developing & tuning detection use cases and enhancing over incident response visibility.
• Work with IT Directors, Managers, Architects, and staff to implement, monitor and maintain Confidentiality, Availability and Integrity of STN information assets.
• Track and manage materials provided to external providers and clients.
• Maintain information security credentials and certifications as required to present a credible presence to internal and external audiences.

Technical and functional expertise· Requires an advanced level of professional knowledge in information technology and security developed through a combination of advanced degrees in information technology and hands on experience.· Must have previous career development experience which has provided management skills, motivational skills, interpersonal skills, and outstanding organizational effectiveness.· Knowledge of the legal and regulatory landscape related to security and privacy in an international environment.

• Very strong business sense with ability to relate technology issues to business.
• Requires strong analytical skills and abilities including an extensive knowledge of software, database, operating systems, client server architecture and voice and data communication services and facilities, security and privacy, in an international setting.
• Perform in-depth analysis of threat data from various sources to identify patterns, correlations, and trends, and translate findings into actionable intelligence.
• Communication, interpersonal and teaming skills
• Outstanding verbal and written communications skills are a must because of the requirement to represent STN in communications with clients.
• Calm demeanor, grace under fire, outstanding listening skills

Leadership, impact and change
High level of initiative and self-motivation, resourceful, and patient with an iterative process

• Ability to gain trust and commitment of others at different levels of the organization
• Proven ability to challenge traditional way of operating and moving beyond the obvious
• Translates STN’s broader strategic objectives and cascades these into own work plans, metrics and team work plans
• Works effectively with significant ambiguity and fluctuating priorities and constrains

Work management, organization and planning· Ability to evaluate and prepare detailed project plans for technology projects that will be implemented across the business. Manage local and global technology problems and direct staff in resolution of such problems. Evaluate and advise on the technology and systems components associated with projects adopted by STN corporate and offices.

• Ability to monitor projects and direct staffs to ensure projects are aligned with the strategic objectives of the business.

Customer and business focus· Focuses on the most critical issues that have the highest impact on the organization and business needs.· Working mode: “enabling”, “value adding” and “expanding”

• Treats all others with respect; generate trust.

People management· This position requires interaction with STN Partners, STN Case Team staff, client legal and security staff, Administrative Management, vendors, IT Management and Staff, Legal Department, Finance, Vendors, etc. Very strong relationship skills are essential. Excellent Leadership and teaming skills are required.Values and ethics· Strong sense of confidentiality and integrity· Treats others with respect and generates trust.

• Establish relationships based on respect, trust and integrity.

You Bring (Experience & Qualifications)· Bachelor’s degree (or equivalent) in Computer Science, Cybersecurity, Information Security, or a related field.· Minimum 3 years of information security experience, with a very strong technical background.

• Demonstrated Threat Hunting and Incident Response experience.
• Experience with threat hunting methodologies and tools, including but not limited to SIEM platforms, EDR solutions, network traffic analysis tools, and threat intelligence feeds.
• Well versed with analyzing and interpreting security logs, network traffic, and endpoint data to identify and investigate potential security incidents.
• Proficient in crafting advanced SIEM queries for detection criteria, adept at fine-tuning use cases and collaborating with log source stakeholders to establish baselines, ensuring enhanced detections and improved detection fidelity.
• Strong analytical, problem-solving, and critical-thinking skills, with the ability to work effectively in high-pressure situations.
• Experience with threat intelligence frameworks and methodologies, including STIX/TAXII, MITRE ATT&CK framework, and other relevant standards.
• Security certification like GIAC Cyber Threat Intelligence (GCTI), GIAC Continuous Monitoring (GMON), GIAC Certified Intrusion Analyst (GCIA) or GIAC Certified Incident Handler (GCIH) or equivalent a plus.

Job Type: Full-timePay: Rs223,184.00 – Rs334,777.00 per monthApplication Question(s):

• Would you be able to work in US timings?
• Would you be able to take on-call or emergency shifts?
• This is an office based position, would you be able to work onsite in Lahore office?

Company DescriptionCarpe Diem is a leading IT & Software Development company providing services to clients in North America, Europe, Australia with over 120 Active Clients and …Start Date: 2025/05/16Company:Salary: 200,000 – 300,000 per monthJob Type:Location:

Expected salary:

Location: Lahore, Punjab

Job date: Thu, 22 May 2025 03:45:39 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck