Odyssey was founded in 2002 with the main objective of providing “High-Quality, Cutting-Edge, Cyber-Security, Infrastructure and Risk Management Services” to organizations that value their information assets. Today, Odyssey holds a leading position in the regional Managed Security Protection & Outsourcing Services sector; it has also developed ClearSkies SECaaS SIEM, a cloud service through which organizations of any size or industry can manage the log data generated by their mission-critical systems, applications and communication links, aided by the service’s Big Data analytics capabilities.
Odyssey™ is ISO 27001 certified and accredited by the Payment Card Industry Security Standards Council (PCI SSC) as a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV). Odyssey delivers its services through multiple strategically located, state-of-the-art data centers and has offices in Cyprus, Greece, Serbia and Dubai.
Odyssey invites applications from competent and aspiring candidates who are up to the challenge of working in a dynamic environment and a corporate culture of strong teamwork, mutual respect and professionalism, for the above position:
Nature of Services:
The primary objective of this service is to act as the first line of response to a potential cyber-attack or security incident. Supported by automated tools such as intrusion detection systems, log correlation engines and the SIEM, a ticketing system, and alerts and warnings from internal and external sources, the service involves receiving, triaging and responding to alerts, requests and reports; analyzing events and potential incidents; and providing primary support to incident responders. The job involves assessing whether a security incident, or the level of exposure of a vulnerability, is a true or false positive; tagging the vulnerability or incident with an initial severity classification; and informing the customers and activating the corresponding incident response procedure. A further objective of this service is to follow pre-defined procedures to perform technical tasks related to identity and access management.
The following list of tasks applies to this reference profile. This list is not exhaustive and may evolve over time:
- Real-time monitoring of cyber defense and intrusion detection systems
- Automated processing (centralization, filtering and correlation) of security events
- Human-based analysis of automatically correlated events
- Processing of incoming warnings, alerts and reports
- Categorize events, incidents and vulnerabilities based on relevance, exposure and impact
- Maintain incident response address book
- Provide support to incident responders
- Advise affected users on appropriate course of action
- Monitor open tickets for incidents/vulnerabilities from start to resolution
- Escalate unresolved problems to higher levels of support, including the incident response and vulnerability mitigation teams
- Configure the SIEM components for optimal performance
- Improve correlation rules to ensure that the monitoring policy allows efficient detection of potential incidents. For a new component to be monitored, this encompasses:
  - Analyzing risks and security policy requirements
  - Translating them into technical events targeting the system components
  - Identifying the required logs/files/artefacts to collect from the monitored system and, if necessary, complementary devices to deploy
  - Elaborating the relevant detection and correlation rules
  - Implementing these rules in the infrastructure
- Configuring and tuning cyber-defense solutions
- Reviewing and improving the monitoring policy on a regular basis
- Produce qualified reports (including recommendations) or alerts to SOC customers and follow-up on actions
- Contribute to the design of the overall monitoring architecture, in close relationship with the customers/system owners, on the one hand, and the security operations engineering team, on the other hand.
- Produce and maintain accurate and up-to-date technical documentation, including processes and procedures, related to security incidents and preventive maintenance procedures
- Handle incidents, requests and problem tickets of customers or internal users.
- During security incidents, implement detection means to monitor attacker activities in real-time
- During security incidents, support the incident response team in the review/analysis of security logs.
- Provide activity reports to management to demonstrate service SLA and service quality
- Excellent working experience in Windows and Linux operating system environments.
- Excellent knowledge of networking design principles and protocols:
  - TCP/IP, IPv4 and IPv6.
  - Layer 2, Layer 3 and Layer 4-7 networking concepts.
- Strong interpersonal and communication skills.
- Ability to deliver high-quality, client-focused deliverables.
- Excellent verbal and written communication in Greek and English.
Certifications in Incident Analysis/Response such as the following will be considered an additional advantage:
- GCIH (GIAC Certified Incident Handler)
- GCIA (GIAC Certified Intrusion Analyst)
- ECIH (EC-Council Certified Incident Handler)
- CSIH (SEI Certified Computer Security Incident Handler)
or an equivalent certification recognized internationally.
Certifications in any of the following technologies will be considered an additional advantage:
- IBM-ISS SiteProtector, Network and Server Intrusion Detection
- Check Point Firewall-1 CCSE and CCSA
- Cisco CCNA
- Imperva Web Application Firewall
- McAfee Security Specialist (CMSS) or Security Professional (CMSP)
Candidates should possess a Greek work permit.
An attractive remuneration package will be offered to the successful candidate, which includes 14th salary, bonus
Please send a cover letter and CV to the following email: [To send your CV, click here]