Data Security Analyst

The Security Operations Center (SOC) are responsible for monitoring, detection, response, and remediation of all security alerts. L1 SOC analysts are the first line of defense within the SOC function. The primary function of this position is to monitor, respond, identify, and analyze alerts across the business via the SIEM and other security tooling. 

The SOC L1 analysts must either assign, triage, remediate, or escalate all identified risks and reduce false positive alerts across the business. This is a 24/7 function and requires some shift coverage as and when applicable.

Responsibilities:

• Continuously monitor the SIEM, EDR and security tooling to protect the business.
• Triage security alerts under the guidance and support of senior analysts and SOC Manager. 
• Refer to SOC playbooks & InfoSec procedures, standards, and policies to understand the business requirements.
• Collate Threat Intel, log events & artifacts to update the specific ticket for each alert investigation.
• Provide clear summary and handover when/if necessary, on all escalations to level 2 analysts or SOC Manager.
• Provide clear investigative reports when requested for analysis of specific incidents and identified outages.
• Identify trends in alerts, availability of systems, and outages on security log sources across the business.
• Monitor the shared mailboxes and message platforms for internal and external escalations from stakeholders.
• Update tickets throughout event/incident Lifecyle to track trends, impact, scope, analysis & remediation efforts.

Desired Skills:

• Minimum of 2 years of experience in Cyber Security/ Security Operation functions.
• Prior experience of working in Security Operations Center and understanding IR processes, Malware analysis.
• Prior experience in SIEM technologies & security tools: QRadar, FireEye, Sentinel One, Microsoft Defender, etc.
• Knowledge and/or experience with security vulnerability assessment tools: Qualys, Tenable Nessus etc.
• Ability to follow procedures and guidelines, seek clarity whenever unsure of the exact objective or requirement.
• Ability to prioritize tasks when unsupervised, ability to identify the highest risk when monitoring alerts.
• Triage of phishing emails, identifying risks, and communicating them effectively.
• Ability to analyze risks and techniques associated with social engineering.
• Professional and technical oral and written communication.
• Collaborative team player, focused on one team, one goal.
• Should be available to partake in a shift schedule to provide 24/7 SOC support (follow the Sun SOC)
• On-call may be part of the SOC coverage, depending on the experience and regional location.