SOC Analyst L2

Amman, Amman Governorate, Jordan

Umniah

Job Brief

Responsible for managing, configuring and monitoring the different security systems utilized in a SOC environment. This position involves conducting incident response investigations, performing daily operational security-related tasks (monitor, investigate, escalate and respond) and occasionally assisting in penetration testing projects. The position requires working in a high-pressure, 24/7 shift-based work environment.

Key Responsibilities

  • Actively monitor security alerts generated by the SIEM and other security tools.
  • Conduct in-depth analysis of security incidents, focusing on root cause identification, impact assessment, and potential containment measures.
  • Tune and optimize SIEM searches, reports, and dashboards to improve detection accuracy and efficiency.
  • Collaborate with other SOC members to manage and respond to security incidents.
  • Perform threat hunting and containment activities to identify and mitigate potential threats proactively.
  • Leverage threat intelligence feeds to enrich event data and identify emerging threats.
  • Provide actionable intelligence by correlating threat information with internal security incidents.
  • Develop new use cases, correlation rules, and detection logic within SIEM to improve threat detection.
  • Prepare and maintain documentation, such as incident reports, intelligence briefings, and tuning recommendations.
  • Provide feedback and recommendations on improving the efficiency and effectiveness of SOC processes.
  • Integrate new data sources and refine monitoring use cases.
  • Administer and manage FW and WAF solutions, ensuring configurations align with security policies and best practices.

Requirements

Education: Bachelor's Degree in Cyber Security, Computer Science, Computer Engineering or any related field.

Level of Experience: Limited experience (2-5 years) in related fields.

Certifications & Licensure

Essential:

One or more of the following technical certificates (or equivalent):

  • Certified SOC Analyst (CSA)
  • Certified Ethical Hacker (CEH)
  • Certified Incident Responder (eCIR)
  • Certified Threat Hunting Professional (eCTHP)

Desirable:

  • Splunk Core Certified Power User or Splunk Enterprise Security Certified Admin
  • Fortinet Network Security Professional
  • Certified Threat Intelligence Analyst (CTIA)
  • Computer Hacking Forensic Investigator (CHFI)
  • GIAC Certified Detection Analyst (GCDA)

Tools & Systems

Essential:

  • Advanced knowledge of the following security systems:
    ◦ Security information and event management (SIEM)
    ◦ Next-generation firewall (NGFW)
    ◦ Intrusion detection and prevention (IDPS)
    ◦ Denial-of-service (DoS) attack mitigation
    ◦ Endpoint antivirus/antimalware
    ◦ Endpoint detection and response (EDR)
  • Good knowledge of various operating systems, including Windows, Linux and UNIX
  • Good knowledge of various IT systems, including but not limited to databases, domain controllers, email gateways, virtualization and web servers

Desirable:

  • Good knowledge of the following security systems:
    ◦ Email protection
    ◦ Incident response workflow and automation
    ◦ Threat intelligence and threat hunting
    ◦ Network and malware analysis
    ◦ Data loss prevention (DLP)
    ◦ Privileged access management (PAM)
    ◦ Vulnerability assessment and management (VA/VMS)
    ◦ Penetration testing

Working Environment: 90% Office / 10% Field

Region: Middle East
Country: Jordan