Job Description:
Candidates in this role will respond to events according to documented procedures and industry best practices. Ideal candidates should be experienced in networking and client/server technologies and in analyzing log files, with the ability to distinguish false positive from true positive events. Candidates must have experience with Linux and Windows operating systems. Candidates in this role may also be required to follow the incident response plan and assist SOC Response Analysts when necessary. Candidates must display enthusiasm and interest in Information Security.
Standard Job Requirements
- Provide advanced investigation of security incidents.
- Conduct secondary triage and analysis on escalated events and initial remediation for escalated incidents.
- Profile and trend events in the environment to determine if an incident needs to be created.
- Provide communication and escalation throughout the incident per the corporate security incident response guidelines.
- Communicate directly with data asset owners and business response plan owners during high severity incidents.
- Communicate with Infosec teams on detected incidents that breached SLA/OLA.
- Communicate with IT teams during incidents.
- Hunt for suspicious anomalous activity based on data alerts or data outputs from various toolsets.
- Perform advanced analysis of alerts.
- Perform advanced analysis of log files.
- Create, analyze and review reports and dashboards.
- Perform advanced suspicious email analysis, including analysis of mail headers, body and content, and attachments.
- Validate audit evidence (e.g., internal audit, group audit, PCI audit, etc.).
- Take an active part in the containment of incidents even after they are escalated.
- Escalate issues when necessary as per OLA and procedures.
- Assist in continuous improvement of processes and work with IT teams to improve alerts and rules in the incident monitoring systems.
- Review all Level 1 Analyst documentation.
- Propose and enhance use cases.
- Assign tasks to L1 analysts.
- Perform administrative tasks per management request (ad-hoc reports / trainings).
- 2 years of hands-on SOC experience covering the full spectrum of detection, analysis, investigation, alerting, reporting and proposing remediation actions.