'Indeevaram', Infopark Thrissur, Koratty, Thrissur Kerala, India – 680308 Ph : +91 - 487 - 2970 700
SOC Analyst – L2
• Validate the incidents reported by SOC L1 analysts/operators. The standard SLA for each incident validation is 30 minutes.
• Responsible for incident investigation, evidence collection, diagnosis, recovery within defined SLA and closing incidents.
• Understand information security policies and procedures defined in customer environments.
• Interact with concerned external parties/clients to resolve the queries related to the incidents raised.
• Communicate with external teams/clients to ensure proper incident resolution.
• Manage the SIEM incidents knowledge base.
• Create report templates in the SIEM tool as defined by SOC lead.
• Generate the daily reports, weekly reports, and monthly reports on time.
• Maintain the timely delivery of reports.
• Provide shift hand over reports as per defined template.
• Ensure confidentiality and protection of sensitive data.
• Educate and mentor the L1 team.
• Provide technical and functional support to L1 Team with analytical feedback.
• Identify any intrusion attempts missed by SOC L1 analysts/operators.
• Support any duties directed from the SOC lead.
• Perform use case testing and review to revoke obsolete use cases.
• Inform SOC lead of proactive and reactive actions to ensure adherence to security policy.
• Review and understand collected metrics from monitoring systems and be aware of patterns and anomalies.
• Highlight gaps in SOPs to SOC lead.
• Escalate non-standard incidents to the SOC lead.
Experience / Job Competencies / Success Factors:
• 2+ years technical experience working in a SOC and/or cyber security incident response team.
• Ability to analyze captured data to perform incident response and identify potential compromises to customer networks.
• Possesses a solid understanding of the TCP/IP protocol suite, security architecture, and remote access security techniques/products.
• Experience analyzing both log and packet data utilizing standard tools like Wireshark, tcpdump and other capture/analysis tools.
• Ability to perform network-based forensics and log analysis.
• Strong understanding of incident response methodologies and technologies.
• Experience with log management and/or SIEM technologies such as Splunk, ArcSight, LogRhythm and the like.
• Experience with network monitoring tools such as RSA Netwitness, Bluecoat Security Analytics and the like is a plus.
• Experience working with the ELK platform is a plus.
• Malware analysis and reverse engineering is a plus.
• Must be reliable and able to function as part of a 24x7 operations center.
• Strong communication and presentation skills.
• Excellent written and verbal English communication skills are required.
• Must be a strong team player with self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism.
• Demonstrated analytical and problem-solving skills.
• Awareness of frameworks such as MITRE ATT&CK and NIST and how they can be applied effectively within an enterprise.
• Understanding of tools that can be used to assist in investigations: VirusTotal, Passive DNS, WHOIS.
• Knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus/EDR/EPP products.
• Understanding of programming and scripting such as Python, Perl, Bash, PowerShell, C++.
Education Qualification Requirements:
• Any bachelor’s degree in computer science.
• Priority for B. Tech (Computer Science/IT/Electronics/Communication Engineering).
• Mandatory: CEH/CySA+/CHFI (any two).
• Desirable: SIEM product certifications / GCIH / GCFI / SANS certifications in DFIR.