SOC Analyst Level 2

Do you have the drive to understand the actions of organized attackers? Do you have the passion to identify intrusions and stop attackers? Security Operations Center (SOC) is looking for a seasoned and dynamic person to thrive in a Senior Security Analyst role focusing on detection, prevention & response to threats against the network. This person will have the opportunity to work on technology and processes with a global reach. The data that is produced will be used to drive security initiatives at a higher level. This role is an integral part of the security controls that is used to protect its data and intellectual property. To be successful you’ll need to demonstrate you have the skills and aptitude to understand and support our complex systems and processes that enable the delivery of our world-class services. This position also requires the ability to work with a variety of different groups; communicate effectively in email and in person, drive a problem to resolution or know when to escalate and seek assistance; work independently and as part of a team; follow through on work items and requires a keen attention to detail.

Detailed Responsibilities

A Level-2 SOC Analyst is responsible for the optimal operation of the filters, rules, expressions and other identification mechanisms of the threat and vulnerability management technologies. The Level-2 Analysts are senior analysts that can work simultaneously on multiple security incidents and daily operational problems. The Level-2 Analysts are continually refining the rules logic to make the SOC team more efficient and effective.

The SOC analyst reports to the SOC manager and is an involved member of the SOC team. The candidate must display an in-depth understanding of new trends and technologies related to IT security and compliance, and contribute to the company IT security strategy and roadmap. As a SOC Analyst, you will be responsible for utilising the SOC’s SIEM and SOAR toolsets to detect and investigate potential Security and Service Incidents occurring within the monitored networks.

You will coordinate mitigation, response and investigation efforts when security incidents arise. You will determine and suggest containment, eradication and recovery actions to respond and remediate in a timely manner as well as keep monitoring the resolver groups for efficient turnaround times.

You will be guided by Threat Intelligence which is actionable information (e.g. IOCs/TTPs), conduct threat hunting activities; leveraging and analysing sources of information as available through the SIEM, in addition identify and investigate potential suspicious activity as well as helping organisation’s identify, isolate and contain security issues.

Key Operational Activities

• Proactive monitoring and response of known and or emerging threats against the network.
• Gathering information about high-value assets, threat landscape, and breach exposure from a myriad array of sources.
• Conducting detailed & comprehensive investigation and triage on wide variety of security events, and implement remediation processes.
• Perform complex data analysis in support of security event management.
• Participation on Incident Response that includes root cause and lessons learned.
• Collaborate with Level 3 analysts, incident responders, engineering team, and customer’s security teams to coordinate incident response and remediation efforts.
• Identify opportunities to improve process and/or tools to ensure highest level of quality, including documentation, mentoring and training sessions.
• Participate in shifts, on-call and after-hours support of incident management.
• Manage Shift resources and activities, supervising, monitoring, mentoring and acting as escalation point for L1s, driving shift metrics and managing shift handovers.
• Performing binary analysis on suspicious files.
• Participation in the development of new SIEM rules and analytics.
• Conduct security research and intelligence gathering in regards to emerging threats and exploits.
• Participate in Customer projects

Requirements / Qualifications:

• 3+ years’ experience of one of the following:
• Network operations or engineering, including packet analysis administration on Unix, Linux, or Windows
• 3+ years’ experience with common security operations systems, Intrusion Detection Systems (IDS/IPS), Security Incident Event Management systems (SIEM), anti-virus log collection systems, vulnerability management, etc.
• Demonstrated experience with a wide variety of security logs to detect and resolve security issues.
• Strong problem resolution, judgment and decision-making skills
• Proactive and cooperative relationships exist within own team and other individuals/groups that interface with the team.
• Excellent interpersonal and group dynamic skills.
• Highly developed analytical and problem-solving skills.
• Familiarity with current legal and regulatory requirements around information security and privacy, including GDPR, PCI, SOX, HIPAA, etc
• Ability to deal with the ambiguity associated with working in a fast paced and changing environment
• Excellent written and oral communication skills.
• Experience with security events, including large-scale breaches, is a must; as is the ability to identify themes and trends out of large datasets.
• CC, CompTIA security+ required
• BA/BS in Computer Science, Information Security, or related field or three years of equivalent experience

Preferred:

• Understanding of an exposure to multiple programming languages
• Knowledge and/or experience in reverse engineering of software is preferred
• Experience in developing correlations between disparate event sources and databases
• CISSP and CEH certification

If you’re a right fit for this role, we encourage you to apply today! HR@odumagroup.com

Back