Sr. Analyst, Soc

Overview:
The Sr. SOC Analyst is responsible for providing Security Operations Center (SOC) analysis, including user monitoring activities, incident and request ticket management, and deep dives into threat hunting. This role involves identifying and investigating abnormal security events, coordinating incident investigations, handling cyber-attacks, and conducting threat hunting operations. The Sr. SOC Analyst will monitor the dark web for potential threats, stay updated on current vulnerabilities and penetration techniques, and develop reports and briefings for management. They will perform Tier 2 alert monitoring, evaluate and triage alerts, differentiate between false positives and true positives, and regularly tune SIEM alerts. Additionally, they will serve as an escalation point for Tier 1 SOC Analysts, provide training on new technologies and attack vectors, and manage the full incident handling lifecycle with customers. The Sr. SOC Analyst will contribute to internal documentation, ensure adherence to SLA targets, participate in strategic and operational projects, and troubleshoot complex problems independently. This position will support a 24/7 follow-the-sun support model.

Job Qualifications:
Daily Responsibilities
- ** Threat Hunting & Intelligence**: Identify and investigate abnormal security events, coordinate incident investigations, and handle cyber-attacks. Conduct threat hunting operations, monitor dark web for potential threats, and maintain awareness of current vulnerabilities and penetration techniques. Develop reports and briefings for management.
- ** Alert Monitoring & Tuning**: Perform Tier 2 alert monitoring, evaluate and triage alerts, and differentiate between false positives and true positives. Regularly tune SIEM alerts and provide recommendations for improvements based on investigation findings.
- ** Escalation Support**: Serve as the escalation point for Tier 1 SOC Analysts, offering guidance and recommendations on handling security events and alerts.
- ** Training & Development**: Assist in training Tier 1 SOC Analysts on new technologies, attack vectors, and Tactics, Techniques, and Procedures (TTPs).

**Required Skills**:

- Understanding of common attacks (e.g. brute force, SYN flood, session hijack, smurf etc.)
- Strong knowledge and experience in security analysis
- Strong analytical and problem-solving skills are needed to perform the job of a SOC analyst
- Understanding of network protocols (TCP/IP stack, SSL/TLS, IPSEC, SMTP/IMAP, FTP, HTTP etc.)
- Understanding of Operating System (Windows, MacOS, and Linux), web servers, database and security devices (firewall/NIDS/NIPS) logs and log formats
- Professional attitude towards teammates and colleagues, with ability to function as an effective team member
- Passionate about the cybersecurity domain and has the inclination to learn current technologies / concepts / improvements
- Excellent verbal and written English communication skills

Preferred Skills:

- Ability to perform analysis of security logs to detect unauthorized behavior
- Previous experience in security incident handling, documentation, root cause analysis, troubleshooting and publishing post-Incident Reports.

Required Experience:

- 3-5 years of technical experience in Security Operations Center (SOC) and Cyber Security Incident Response.
- Experience with one or more Security Information and Event Management (SIEM) solutions (such as McAfee, LogLogic, Splunk, QRadar, ArcSight)
- Experience with one or more EDR solutions (such as SentinelOne, CrowdStrike, Microsoft Defender)
- Familiarity with one or more WAF solution (such as Akamai, F5, Cloudflare)
- Experience with cloud services (Azure, AWS, and GCP)

Required Education:

- Bachelor’s degree in any stream or equivalent.

Preferred Certifications:

- Systems Security Certified Practitioner (SSCP)
- CompTIA Security+
- CompTIA CySA+
- Certified Incident Handler (ECIH)
- Other cybersecurity or related certifications