We are hiring a SOC Analyst L2 for our office located in Infopark, Koratty, Thrissur.
Validate the Incidents reported by SOC L1 analysts/operators. The standard SLA to be kept for each incident validation is 30 mins.
Responsible for incident investigation, evidence collection, diagnosis, recovery within defined SLA and closing incidents.
Understand information security policies and procedures defined in customer environments.
Troubleshoot and fine-tune the SIEM platform.
Interact with concerned external parties/clients to resolve the queries related to the incidents raised.
Communicate with external teams/clients to ensure proper incident resolution.
Manage the SIEM incidents knowledge base.
Create report templates in the SIEM tool as defined by SOC lead.
Generate the daily reports, weekly reports, and monthly reports on time.
Maintain the timely delivery of reports.
Provide shift handover reports as per the defined template.
Ensure confidentiality and protection of sensitive data.
Educate and mentor the L1 team.
Provide technical and functional support to the L1 team with analytical feedback.
Identify any intrusion attempts missed by SOC L1 analysts/operators.
Support any duties directed from the SOC lead.
Perform use case testing and review to revoke obsolete use cases.
Inform SOC lead of proactive and reactive actions to ensure adherence to security policy.
Review and understand collected metrics from monitoring systems and be aware of patterns and anomalies.
Highlight gaps in SOPs to SOC lead.
Escalate non-standard incidents to the SOC lead.
Experience / Job Competencies / Success Factors: -
1+ years' experience in Azure Sentinel
3+ years technical experience working in a SOC Analyst and/or cyber security incident response team.
Skills and knowledge in programming/query languages (shell script, PowerShell and Python for automation; KQL, AQL, etc. for log analysis)
Ability to analyze captured data to perform incident response and identify potential compromises to customer networks.
Possesses a solid understanding of the TCP/IP protocol suite, security architecture, and remote access security techniques/products.
Experience analyzing both log and packet data utilizing standard tools like Wireshark, tcpdump and other capture/analysis tools.
Ability to perform network-based forensics and log analysis.
Strong understanding of incident response methodologies and technologies
Experience with log management and/or SIEM technologies such as Azure Sentinel, Splunk, ArcSight, LogRhythm, LogPoint and the like.
Malware analysis and reverse engineering is a plus.
Knowledge and skills in analysis and log correlation to identify intrusions
Must be reliable and able to function as part of a 24x7 operations center.
Strong communication and presentation skills
Excellent written and verbal English communication skills are required.
Must be a strong team player with self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism.
Demonstrated analytical and problem-solving skills.
Awareness of frameworks such as MITRE ATT&CK and NIST and how they can be applied effectively within an enterprise.
Understanding of tools that can be used to assist in investigations: VirusTotal, Passive DNS, WHOIS
Knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus/EDR/EPP/XDR/NDR products
Education Qualification Requirements: -
Any bachelor’s degree in computer science
Priority for B. Tech (Computer Science/IT/Electronics/Communication Engineering)
Mandatory: CEH/CySA+/CHFI (any 2 will do)
Desirable: SIEM product Certifications /GCIH/GCFI/SANS certifications in DFIR