|Department / Job Title||Cyber Security Operations Engineer|
1. Daily Security Monitoring of events and alerts on security consoles like SIEM and product portals: SIEM ClearSkies, TrendMicro products*, Windows products (Security Center, MCAS, etc.), Fortinet products (FortiSandbox, Fortianalyzer, etc.), or any other new product SOC decides to start working with.
2. Proposal of new alerts and correlation rules, along with their implementation via SIEM support.
3. Creation, categorization, and resolution of Low, Normal, and Medium priority Security Incidents via the Security Operations Module* in ServiceNow, based on the NIST standard:
Analysis – Log inspection, information gathering, malware collection and triage based on sandboxing analysis*, IOC checks, ad-hoc PowerShell scripting, user interviews, etc.
Contain – URL recategorization, malware and malicious email submission to vendors, PC isolation request, account disabling, etc.
Eradicate – Infection removal, antivirus scan request, PC reimage request, software uninstallation request, ad-hoc PowerShell scripting, etc.
Recover – Undo actions taken in the Contain stage if necessary, etc.
Review – Executive summary before Security Incident closure, scheduling lessons-learned sessions with proposals, etc.
4. Respond to Low, Normal, and Medium priority Security Incidents created/raised by end-users, Service Desk and SIEM, and escalate High priority Security Incidents based on business impact: service disruption (Ransomware, DoS, etc.), data leak, APT detection, etc.
5. Assist and support the Security Incident Manager for High and Critical priority Security Incidents following JTI instructions. While it must be considered extraordinary, this action might be required outside business hours, on days off, or on weekends.
6. Create ad-hoc and weekly reports on processed Incidents.
7. Generate compliance violation reports and send follow-up emails on compliance issues such as Corporate Policy violations.
8. Ticket creation with security vendors and follow-up until resolution for Security Incident handling, software malfunction, etc.
9. Monitoring of public security feeds and reporting new security trends on a daily basis.
[Required (MUST)] Skill – Cyber Security Operations Engineer
· Experience – 5 to 10 Yrs
· Work Location – Yokohama
· Languages – Japanese (N2 and above) + English
· No. of positions – 2