SOC Analyst II

Abu Dhabi, AE


Key Accountabilities


• Monitor the organization's SIEM and security devices such as firewalls, IDS, EDR and DLP.
• Process data collected from various sources (system logs, application logs, firewall logs, packet captures) to assist in cyber investigations.
• Perform network assessments and forensic analysis when directed.
• Assist Tier 1 with cyber security incidents and handle all incidents escalated to this role.
• Analyze internal operational architecture, tools and procedures for ways to improve performance.
• Collaborate with development teams to create and deploy the tools needed to achieve objectives.


Day to Day Activities


• Providing in-depth security analysis of events escalated by Tier 1
• Enriching incidents with contextual information
• Maintaining ownership of an incident until proper handover to the SOC Lead or Incident Handler is completed
• Assisting the SOC Lead and Incident Handler in resolving the incident
• Monitoring log and SIEM infrastructure
• Developing and maintaining incident response procedures, techniques and approaches, and documenting the IR playbook
• Producing reports and visualizations
• Developing and maintaining metrics
• Engaging in false-positive reduction
• Developing and maintaining detection rules for the SIEM


Requirements:

• UAE National

• A bachelor's degree in a related field (IT, engineering) is preferred.

• Proven experience in or knowledge of TCP/IP, MITRE ATT&CK and the Cyber Kill Chain
• Advanced knowledge of security management and monitoring tools such as Splunk, as well as IT ticketing systems
• Strong working knowledge of Carbon Black or another EDR product
• Working knowledge of IT ticketing systems and case management tools such as TheHive or Resilient
• Good understanding of network and system architectures, including high-level (HLD) and low-level (LLD) design documents
• Experience with Linux and Windows operating systems
• In-depth knowledge of security devices and applications such as DLP, endpoint security (Carbon Black) and firewalls, as well as authentication and access-control services such as ACLs, TACACS and RADIUS
• Strong understanding of change management and incident handling
• Working knowledge of NIST security control standards

#BEACONRED
