Decskill, founded in 2014 as an IT Consulting Company, places paramount importance on its greatest asset: its people. Our main mission is to deliver value through knowledge and talent, and we achieve this by fostering a culture of excellence and investing in the development and well-being of our people. With over 600 dedicated professionals and offices in Lisbon, Porto, Madrid, and Luxembourg, Decskill operates across three core areas:
Decskill Talent: We believe that our people are key to our success. Through Decskill Talent, we empower our team to embrace the digital transformation challenges of our clients. We collaborate with clients to drive innovation, ensuring project success and business growth.
Decskill Boost: Equipping our team with the latest tools and methodologies, we optimize Time-to-Market and deliver innovative solutions exceeding client expectations.
Decskill Connect: Our team collaborates closely with clients to implement and manage IT infrastructures that generate long-term value.
At Decskill, we believe that by nurturing and empowering our people to confront the challenges of digital transformation, we create value not only for our clients but also for our entire ecosystem, fostering a digital community dedicated to growth and progress.
We are looking for a SOC Analyst for a hybrid position (Porto).
Integrated within the Security Operation Center (SOC), the Blue Team is the first line of defence, responsible for defending the enterprise's use of information systems by maintaining its security posture against attackers.
The candidate will have 3 main missions:
1) Analysis:
Participation in improving correlation and log analysis rules with Splunk
Mastery of diverse alert investigations linked to different Tactics, Techniques and Procedures
Conduct prioritization, investigations, research of compromission and blocking actions
Interpret or perform first level (Sandbox or manual) minimum scans on malicious codes
2) Response to incidents :
Being able to communicate and escalate efficiently to upper management in case of confirmed incident
Be the point of reference for technical investigation during incident with less senior SOC analysts
Perform retro hunting. Qualify and analyze these elements to determine the cause of the incident, the mode of operation of the attack (vulnerabilities use, tactics, technics, procedures), the scope and the perimeter of compromise
3) Knowledge transfer:
Knowledge transferring in-house knowledge and writing documentation
Being able to support the up skilling of less senior SOC analyst
Requisitions:
1) SIEM/SOAR
Knowledge of the operating principles of Information Monitoring and Security Event Solutions (SIEM).
Good experience of Splunk and Regex search syntax.
Good experience of theHive
3) SYSTEM/NETWORK
Good knowledge of network and system architectures
Knowledge of the operation of intrusion detection probes and event log correlation tools
4) SECURITY:
Good knowledge of Mitre Attack framework and counter measures link to the technics and tactics
Good knowledge of Information monitoring and analysis tools and methods.
Good knowledge of the security standards for different technologies (web servers, messaging, database, DNS, proxy, firewall, etc.)
Have a good knowledge on one or more of the following topics:
Web application vulnerabilities
Malware types (rootkit, ransomware, botnet, etc.)
Obfuscation and persistence technics (cryptography, packing, etc.).
Digital investigation/analysis tools
SandBox behavioral
If you're interested in this job please send your CV in English to
Decskill is committed to equality and non-discrimination with all our talents. We recruit and promote talent, based on diversity and inclusion, regardless of age, gender, ethnicity, race, nationality or any other form of discrimination incompatible with the dignity of the human being. The ideal candidate will be responsible for creating, installing and managing our databases. You will ensure optimal database performance by analyzing database issues and monitoring database performance.