Security Analyst (SOC Level 2)

Responsibilities:

Monitor third party security feeds, forums, and mailing lists to gather information related to the client through automated means

Produce intelligence outputs to provide an accurate depiction of the current threat landscape and associated risk through the use of customer, community, and open source reporting

Produce actionable intelligence information for delivery to colleagues and customers in the form of technical reports, briefings, and data feeds

Review vulnerabilities advisories

Review and process threat intelligence reports

Perform detailed investigative works into all traffic anomalies against established, historical baselines of individual agencies. Reviewing and profiling the events of all monitored clients

Assess each event based on factual information and wider contextual information available

Review, propose and generate reports to automate or reduce low value event escalations

Build rules and intelligence to detect such threats and proliferate to all monitored networks

Implementing and devising detection method of such threats in our security operations through SIEM Rules, DB scripts etc

Perform periodic analysis of security events, network traffic, and logs to engineer new detection methods, or create efficiencies when available

Supports the development of tactics, techniques, and procedures in providing proactive threat hunting and analysis against the available information sources (e.g. Netflow, DNS and Firewall logs, etc.)

Assist the Security Analysts with the investigative works

Prepare training programme for Security Analyst and conduct knowledge sharing sessions for Security Analyst

Fulfil Change Requests, Service Requests and respond to internal / external enquiries with regards to detection Use Case

Any other tasks as assigned

Requirements:

Degree holder with at least 5 years of experience in related field and capacity

Prior experience working in a Security Operations Centre (SOC) or Computer Emergency Response Team (CERT/CIRT)

Possessed deep interest in open source research and critical thinking / contextual analysis abilities Investigative and analytical problem solving skills

An understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security

Related professional cyber security certification, such as GCIA, CEH, will be preferred

Experience with intelligence analysis processes, including Open Source Intelligence (OSINT) and closed source intelligence gathering, source verification, data fusion, link analysis, and threat actor

Ability to research and characterize security threats to include identification and classification of threat indicators