CISOC Analyst

We are looking for a CISOC Analyst to join one of the teams that Between has implanted in one of our main clients in the pharma sector.

You will work collaboratively to detect and respond to information security incidents, maintaining and following procedures for security event alerting and participating in security investigations.

Main duties:

1. Perform triage, investigation and hunting activities to identify and validate potential security incidents through:
-SIEM alert analysis and hunting activities:
o It's expected to actively work with SIEM solutions to perform:
- Analysis of security alerts escalated from first level operation team
- Hunting activities over stored logs searching for anomalous patterns and behaviors.
- Traffic capture analysis:
o It expected solid understanding of common protocols and main protocol headers to perform packet capture analysis.
- Payload analysis:
o It's expected solid understanding of most common web attacks and capability to difference between actual attacks and false positives through payload analysis:
o Common web attacks to know:
- SQL Injection
- Cross Site Scripting
- Cross Site Request Forgery
- Local / Remote File Inclusion
- Basic understanding of buffer overflow
- Brute Force attacks
2. Perform Open Source Intelligence investigations regarding potential security incidents, vulnerabilities and threats.
3. Apply countermeasures on security layers for security incident containment
o It's expected to perform some platform management activities to adapt security policies to detect and block malicious or suspicious traffics to avoid further damage.
4. Analyze vulnerability scanner reports and report filtered information to technical teams for remediation
o It's expected capability to understand technical description of well-known vulnerabilities in common OS and applications.
5. Record activities in ticketing system
6. Generate security and activity regular reports
7. Manage small to medium sized projects, or play a key role within a large project team regarding security environment.

Además, trabajando para BETWEEN obtendrás los siguientes beneficios añadidos:

• Posibilidad de formar parte de una empresa en pleno crecimiento a nivel nacional e internacional. Un buen lugar donde trabajar: cuidamos de nuestro equipo y la sociedad a través de iniciativas, programas de conciliación y de responsabilidad social corporativa

• Te integrarás en un equipo de alto rendimiento y con un alto grado de especialización.

• Dispondrás de oportunidades de formación y desarrollo profesional

• Pondremos a tu disposición un amplio abanico de retos y proyectos acordes con tus objetivos personales y profesionales.

• Posibilidad de elegir cómo obtener parte de tu salario gracias a las ventajas fiscales de nuestra Retribución Flexible, y descuentos para acceder a centros de fitness, entre otros

• En BETWEEN, la igualdad de oportunidades es uno de nuestros valores. Nuestro compromiso es contratar al mejor talentos independientemente de su raza, religión, sexo, edad y personas con otras capacidades y promover su desarrollo profesional y personal.

Required Professional Experience:

• Professional experience of minimum 3 years providing services in a SOC in areas related to the activities described above.


• Experience handling actual Security Incidents in enterprise environments (not only educational / training environments)


• Experience working in a virtual, international and multicultural environment.

Required knowledge:

• Base understanding of Linux and Windows operating systems
  i.Components and architecture
  ii.File systems and storage
  iii.Identity and rights management
  iv.System processes
  v.System logs
  vi.Command line management
  vii.Network communication protocols


• Solid understanding about security layers offered by common security systems:
  i.Firewalls
  ii.Intrusion Detection /Prevention systems
  iii.Web Application Firewalls
  iv.Antivirus and Advance Malware analysis systems
  v.Mobile Device Management systems
  vi.Data Leak Prevention
  vii.SIEM solutions
  viii.Disk encryption
  ix.Vulnerability Scanners


• Solid knowledge in one scripting language (Python, PowerShell, Bash, Perl…)


• Solid understanding of common networking protocols, vulnerability management and deep packet inspection technologies


• Base knowledge of common system exploits


• Base knowledge about network attacks


• Knowledge about social engineering techniques