
gxbank

SOC Analyst - L2


Job Description

Responsibilities

Advanced Incident Response & Escalation

  • Act as the Tier 2 escalation point for all validated threats filtered by the L1 team.
  • Conduct deep-dive forensic analysis on endpoints, memory and network traffic to identify root causes.
  • Lead containment and eradication efforts for multi-stage attacks (e.g., ransomware, business email compromise).
  • Maintain comprehensive awareness of the current threat landscape, including malware, phishing attacks and advanced persistent threats (APTs).
  • Create, review and modify documentation as needed, including any process or procedure, to ensure it stays up to date and standardised.
  • Produce daily, weekly and monthly SOC reports.
  • Define, create and maintain SIEM correlation rules, customer build documents, and security processes and procedures.

Threat Hunting & Detection Engineering

  • Proactively hunt for stealthy threats that bypass automated security controls, using the MITRE ATT&CK framework.
  • Develop and deploy custom SIEM correlation rules and EDR queries to detect advanced adversary techniques.
  • Convert tribal knowledge into automated Level 1 playbooks to empower the junior team.

Mentorship & Quality Assurance

  • Perform case reviews of L1 investigations to ensure high data quality and provide technical coaching.
  • Coordinate with the global follow-the-sun leads to ensure smooth handovers of high-priority incidents.
  • Actively participate in post-incident reviews to identify lessons learned and recommend improvements to processes and technologies.
  • Provide feedback and recommendations to enhance detection and response capabilities.
  • Participate in continuous improvement of security operations processes and toolsets.
  • Mentor and train junior analysts, sharing knowledge and best practices to strengthen team capabilities.

Requirements

  • Experience in developing SOC use cases in SIEM to correlate diverse logs, including the creation of new monitoring use case logic and enabling effective investigation of security alerts and incidents.
  • Knowledge of Cyber Threat Intelligence, including the analysis of intelligence alerts, threat hunting, and providing actionable recommendations.
  • Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.
  • Understanding of common threat vectors, i.e. malware, email and website analysis, at a medium to high level.
  • Strong understanding of security incident management, malware management and vulnerability management processes.
  • Strong knowledge of IT and system administration skills in modern operating systems.
  • Exposure to SIEM, EDR, SOAR, TIP, ServiceNow and similar tools is required.
  • Ability to remain focused during repetitive monitoring while maintaining a high attention to detail.
  • Ability to translate complex technical findings into actionable insights for diverse stakeholders.
  • Some experience with cloud service providers like AWS and Azure would prove valuable.
  • Experience with Splunk ES would be a plus.
  • Bachelor's degree in a relevant field of study.
  • 3-5 years of experience in a SOC environment or equivalent technical role.
  • Valid certification: CEH, ECIH, CHFI, any SIEM technical certification, any firewall technical certification, or any other industry-related certificate.
  • Demonstrated commitment to continuous learning and intellectual curiosity within the cybersecurity domain.

Job ID: 149408899