SOC Analyst – Tier 2

Role and Responsibilities

• Work as a Cyber SOC Tier 2 Analyst in DTS Solution – HawkEye CSOC cyber command center
• Reviews asset discovery and vulnerability assessment data.
• Utilize advanced technical background and experience in information technology and incident response handling to scrutinize and provide corrective analysis to escalated cybersecurity events from Tier 2 analysts distinguishing these events from benign activities.
• Provide in-depth cybersecurity analysis, and trending/correlation of large data-sets such as logs, event data, and alerts from diverse network devices and applications within the customer to identify and troubleshoot specific cyber security incidents, and make sound technical recommendations that enable expeditious remediation.
• Conducts deep analysis on production systems to validate resiliency and identify areas of weakness to fix.
• Recommend how to optimize security-monitoring tools based on threat hunting discoveries.
• Assist in identifying (hunting) and profiling threat actors and TTPs.
• Provide recommendations to clients for containment and eradication of threats.
• Supporting the detection, containment, and eradication of APT activities targeting customer networks.
• Proactively search through log, network, and system data to find and identify undetected threats.
• Conduct security tool/application tuning engagements with analysts and engineers to develop/adjust rules and analyze/develop related response procedures, and reduce false-positives from alerting
• Identify and ingest indicators of compromise (IOCs) (e.g., malicious IPs/URLs, etc.) into network security tools/applications to protect the customer network.
• Quality-proof technical advisories and assessments prior to release from SOC.
• Coordinate with and provide expert technical support to enterprise-wide technicians and staff to resolve confirmed incidents.
• Report common and repeat problems, observed via trend analysis, to SOC management and propose process and technical improvements to improve the effectiveness and efficiency of alert notification and incident handling.
• Development of advanced threat modelling techniques and building advanced SIEM use cases.
• Ability to perform in-depth security incident analysis and provide detailed root cause.

Qualification

• 5+ years of experience of network/security architecture or operations experience
• Experience working on specific SOC/SIEM platforms
• Excellent experience in Elastic (ELK), Splunk, Wazuh, LogRhythm
• Experience in SOAR technologies – Demisto, Cybersponse, FortiSOAR, Swimlane
  Excellent experience in MDR or EDR
• Experience in using security tools – commercial and open source
• Experience in defensive technologies – NGFW, AV, VPN, IPS, NETFLOW, DAM, WAF, Proxy, Web Filtering etc. Ability to inspect using PCAP files.
• Understanding of scripting – Python and Powershell
• Ability to create signature rules such as Snort, Yara
• Experience with Threat Hunting and MITRE ATT&CK Methodology

Certifications

• SANS Certified Intrusion Analyst (GCIA)
• SANS Certified Security Monitoring and Operations (GMON)
• SANS Certified Enterprise Defender (GCED) issued by GIAC
• SANS Certified Incident Handler (GCIH) issued by GIAC
• Certified Ethical Hacker (CEH) issued by EC-Council