Job Descriptions
This is a SOC L2 position that will be integral part of 24/7 SOC monitoring. SOC L2 analyst will function as shift subject-matter experts (SMEs) and lead on incident detection and analysis techniques.
Key Responsibilities
- Collaboration and Escalation:
- To timely response to security alerts using a combination of technology solutions and a complete & reliable set of documented processes on a 24 x 7 x 365 basis
- Act as a point of escalation for Level-1 analysts in 12-hour shift rotation
- Escalate suspected incidents to L3 with detailed analysis and actionable recommendations.
- Interfaces and collaborate with other teams for incident escalations and resolution
- Work closely with SOC Head to better security operations and address identified deficiencies
- In-Depth Analysis:
- Perform due diligence and in-depth analysis on escalated security alert from Level-1 analyst and escalate to respective team for further action in timely manner
- Assist in threat hunting activities to identify potential vulnerabilities.
- Incident Response: Involve in incident response steps, perform root cause analysis and recommend solutions to mitigate risks
- Coaching and mentoring:
- Support Level-1 alert analysis by providing advanced analysis services to include recommending containment and remediation processes and independent analysis of security events
- Mentoring Level-1 analyst to improve detection capability within the SOC and feedback on work quality
- Continuous Improvement:
- Challenge and suggest improvement on existing processes and procedures in a very agile and fast-moving information security environment
- Receive and review tuning request from Level-1, provide recommendations in use case tuning and optimization of security systems
- Documentation & Reporting: Ensure all relevant processes are documented, complete, accurate and updated at least on a yearly basis or as and when any changes
Other Skills Required (if Applicable)
- Demonstrated ability to work in a team environment, train and coach other team members
- Experience with investigating using a wide variety of detective technologies such as SIEM, packet capture analysis, host forensics and memory analysis tools
- Understanding and knowledge of threat landscape in terms of the tools, tactics, and techniques of attacks
- Excellent analytical and problem-solving skills
- Great communication skills, both written and verbal
- Ability to effectively communicate technical and non-technical issues both verbally and in writing
- Hands-on experience in working with Security Operation Centre
Relevant technical and industry certifications are a plus, e.g. SANS certifications
