Senior Analyst
Ahmedabad, Gujarat, India
L2 Security SOC Analyst – Job Description
Job Description:
The L2 SOC team operates the security monitoring solutions and reacts promptly to security events as they are identified. The role requires working a shift schedule after an initial ramp-up period. Provide Incident Response (IR) support when analysis confirms an actionable incident.
Responsibilities:
The primary responsibility is to identify, secure, and weed out threats as front-line defence personnel. Analysts stay alert and proactive in filtering out suspicious activity and mitigating risks before any incident occurs. When an incident does occur, SOC analysts are the first to counter the attack and take the required defensive action, report the cyber threat, and then implement changes to protect the organization.
• Monitoring and analysis of cyber security events using the Splunk SIEM tool.
• Provide analysis and trending of security log data from many heterogeneous IT security devices
• Provide threat and vulnerability analysis as well as security advisory services
• Analyse and respond to previously undisclosed software and hardware vulnerabilities
• Investigate, document, and report on information security issues and emerging trends
• Integrate and share information with other analysts and other teams
• Assist Entry-Level SOC analysts to help them build stronger skills
• Review the SOC Analyst ticket queue and the tickets in it, closing or reassigning them as needed
• Create, review, and modify documentation as needed, including any process or procedure, to ensure it is up to date and standard
• Maintain and take responsibility for the mailbox: raise outage tickets and ensure there are no emails left to triage or vulnerability managers left to call back
• Provide analytical feedback on client network traffic patterns.
• Provide analytical feedback related to malware and other network threats.
• Understand information security policies and best practices in client environments.
• Provide technical support within the Security Incident and Event Management team to assist in the investigation and remediation of security incidents.
• Escalate incident remediation changes with other business units, vendors and customers, adhering to a predefined ITIL change management framework. This will include liaising with the Service Delivery teams and L3 engineers.
• Where necessary, liaise and work with Professional Services Engineers and Solutions Architects around incident investigation and reporting.
• Maintain detailed knowledge of the clients’ environment(s), where applicable, by maintaining and updating relevant documentation such as:
  - Network diagrams
  - Change management calendar updates/closures
  - Monthly SOC reports
  - SOC white board daily/weekly updates
• Conduct security assessments regularly to identify vulnerabilities and perform risk analysis.
• Document incidents to contribute to incident response and disaster recovery plans.
• For third-party vendors, verify their security posture and collaborate with them.
• Analysis of phishing emails reported by internal end users.
Qualifications
B.E./B.Tech/B.Sc. with a minimum of 2-5 years' experience in a SOC, preferably with the Splunk tool.
Preferable Certification:
- CEH
Tags: CEH Incident response ITIL Malware Monitoring Risk analysis Security assessment SIEM SOC Splunk Vulnerabilities
Perks/benefits: Team events