Analyst, Soc

4 weeks ago


Tlaquepaque, México Herbalife Full-time

Overview:
STATEMENT:
The Security Operations Center (SOC) Analyst will be responsible for the protection of client assets and information by monitoring security events and responding to incidents. The analyst performs monitoring and data correlation of events with a focus on root cause analysis, using multiple tools such as system event logs, SIEM, IPS/IDS logs, network traffic, the EDR console and client endpoint software to determine whether an incident has occurred, and responds to security incident and investigation requests in line with established SIRT processes and procedures within defined service level targets.

This position requires shift work in a 24/7/365 environment; for this reason, a shift rotation covering weekend support will be needed.

DETAILED RESPONSIBILITIES:
1. Monitor security alerts and events from various sources such as SIEM systems, IDS/IPS, EDR, and other security tools.
2. Triage alerts as they come in and act on them appropriately.
3. Create tickets for necessary tasks that need to be executed by internal/external teams.
4. Respond to common alerts in a consistent and repeatable manner from multiple alerting sources.
5. Identify abnormal security events and trigger the call list / distribution list.
6. Recognize successful cyber intrusions and compromises through log review and analysis of relevant event detail information.
7. Launch and track security investigations to resolution. Recognize cyber-attacks based on their signatures.
8. Differentiate the false positives from true intrusion attempts and help remediate / prevent.
9. Actively investigate the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notify client when appropriate.
10. Perform tasks as identified in a Security Operations Process Manual and runbooks.
11. Investigate and analyze security incidents to identify the root cause and determine the scope of the incident.
12. Develop and implement incident response plans to quickly mitigate any security incidents that occur.
13. Collaborate with other security teams to implement security controls, policies, and procedures to reduce the risk of security incidents.
14. Analyze and assess security incidents and escalate to appropriate internal teams for additional assistance.
15. Develop reports and/or briefings for events/incidents.
16. Conduct systems and tools health checks.
17. Maintain shift logs for all conducted SOC activities during scheduled hours.
18. Be familiar with handling and mitigating attacks involving viruses, spoofing, hoaxes, and malware.
19. Stay up to date with the latest security trends, threats, and technologies and provide recommendations for security improvements.
20. Excellent verbal and written English communication skills are most important for the role.

SUPERVISORY RESPONSIBILITIES:
None

Job Qualifications:
REQUIRED QUALIFICATIONS:

**Skills**:
Required
- Understanding of security principles and technologies such as firewalls, intrusion detection/prevention systems, SIEM systems, and network security protocols.
- Understanding of common attacks (e.g., brute force, SYN flood, session hijack, Smurf, etc.) and their SIEM signatures
- Experience in security monitoring, Incident Response (IR), security tool configuration and security remediation
- Strong analytical and problem-solving skills, as needed to perform the job of a SOC analyst
- Strong knowledge of and experience in security event analysis

Preferred
- Understanding of network protocols (TCP/IP stack, SSL/TLS, IPSEC, SMTP/IMAP, FTP, HTTP etc.)
- Understanding of operating system, web server, database, and security device (firewall/NIDS/NIPS) logs and log formats
- Understanding of string parsing and regular expressions
- Understanding of cyber-attack methods; ability to analyze security logs to detect unauthorized behavior and provide daily reports to the Team Leader
- Good knowledge of cybersecurity incident investigation, root cause analysis and troubleshooting, and publishing post-incident reports
- Providing concise and regular updates to management
- Professional attitude towards teammates and colleagues, with ability to function as an effective team member
- Ability to interact effectively at all levels with sensitivity to cultural diversity
- Ability to adapt as the external environment and organization evolves
- Passionate about the cybersecurity domain and inclined to learn current technologies, concepts and improvements
- Excellent at security incident handling, documentation, root cause analysis, troubleshooting and publishing post-incident reports

Languages:

- Advanced in English

**Experience**:
Required
- 2-4 years of experience with a reputable services / consulting firm offering security consulting, implementation and managed security
- 2-4 years of
