This website uses cookies to ensure you get the best experience.

Nir Yu and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Nir Yu career site
Technology · Guadalajara · Hybrid

Cybersecurity Operations Analyst

The Role:

We are growing our Security Operations Center and we’re looking for a talented Cybersecurity Operations Analyst to join and help grow our team. Our Security Operations team is tasked with monitoring and protecting the company from an ever growing number of security risks, and finding new and creative ways to do so. We have a strong focus on engineering and innovation, and are seeking individuals who love to find new problems and hate fixing the same problem twice.

Minimum Requirements:

  • 5+years experience working in cyber security operations
  • Experience with enterprise incident detection and response for on premise and cloud environments
  • Strong working knowledge of threat actors tactics techniques and procedures (TTPs), and the ability to prioritize detection for the environment/company.
  • Experience developing SOC processes and procedures following industry best practices for both enterprise and cloud environments
  • Strong working knowledge of Linux and Windows, and how to detect threats on these systems at scale
  • Implement detection acceptance criteria to minimize alert fatigue, and to guide use case development
  • Assist developing and implementing key results, metrics and measurements to ensure a high standard
  • Hands on SIEM experience building YARA-L rules, tuning them, and responding to alerts
  • Experience with scripting languages: Python, or PowerShell
  • Experience with large scale data warehouse tech - the ability to work with large data sets and write SQL for incident response, analysis, and correlation. Preferably experience with Google BigQuery
  • Excellent communication skills, especially the ability to communicate cybersecurity threats to technical and non-technical stakeholders
  • Develop and improve playbooks and processes for detection and response
  • Expertise leading incident response efforts, in the role of incident commander and/or investigation lead
  • Expert in hands-on-keyboard analysis and forensics for Windows, macOS, Linux and Cloud
  • Author of Python tools to automate and parallelize collection and processing of investigate data, at-scale
  • Developed metrics reporting pipeline, automated dashboard, monthly reports and review process


Responsibilities:

  • Logging 
    • Ensure the security operations team has security relevant cloud, infrastructure and application logs in a parsed format to a unified destination that has best practice data retention
  • Detection 
    • Respond to security alerts & review dashboards to monitor for suspicious activities/alerts for enterprise, cloud and application sources. Analyze suspicious activities/alerts including malware analysis and forensics and respond with appropriate actions.
  • Response 
    • Follow and improve procedures for Incident Response and participating in the cybersecurity on call rotation.



Tech Stack:

Azure, GCP, ELK, Crowdstrike Falcon, Mandiant Redline, Kali, PowerShell, Python, Windows, Linux, macOS, EnCase 6/7/8, FTK Forensic, SOC2, NIST CSF, ISO 27001, MITRE ATT&CK, OpenIOC, YARA, YAML, Snort, PowerForensics, Sysmon, Security Automation, Orchestration and Response (SOAR), Cuckoo Sandbox, VirusTotal, CyberChef,, Regular Expressions (RegExp), SQL, Slack, Jira, ServiceNow, Jupyter notebooks, Threat Modeling

Category
Technology
Locations
Guadalajara
Remote status
Hybrid
Employment type
Full-time

Current Job Openings

More jobs
Technology · Guadalajara · Hybrid

Cybersecurity Operations Analyst

Loading application form