Tier 2 Security Operations Centre (SOC) Analyst
Job Requirements
Education: Bachelor’s degree
Work experience: 2 years
Language skills: English
Job Summary
Contract Type: Full time
REQUIRED EDUCATION, EXPERIENCE, AND SKILLS
Academic Qualifications:
- University degree in Information Technology, Computer Science, Electrical Engineering or Telecommunications.
Professional:
- Training in security event triage
- Security certification, e.g. Security+, CySA+, CEH
- Incident handler training/certification, e.g. ECIH
- SIEM certification, e.g. Splunk, QRadar, Fortinet
Desired work experience:
- Two years’ experience in security and network infrastructure support in medium to large organizations.
- Experience working with different SIEM solutions
- Two years’ experience in security event triage and analysis.
Technical Competencies
- Knowledge and experience in modern practices for IT infrastructure security architecture and operations in medium to large organizations to provide guidance on incident handling
- Interpersonal skills to effectively communicate with and manage customer expectations (internal and external), and other stakeholders who impact performance.
- Technical skills to effectively perform, or guide the performance of, analysis and incident handling activities/tasks in a manner that consistently produces a high quality of service.
Behavioural Competences
- Self-empowerment to enable the development of open communication, teamwork and trust that are needed to support a performance- and customer-service-oriented culture.
- Leadership to nurture and sustain employee satisfaction, and to manage changes.
- Interpersonal skills to effectively communicate with and manage customer expectations (internal and external), and other stakeholders who impact performance.
KNOWLEDGE, SKILLS AND ATTRIBUTES:
- Basic understanding and appreciation of technical design and business principles
- Demonstrates fundamental project management and administration ability
- Displays customer engagement skills
- Demonstrates relevant domain specialist knowledge
- Good verbal communication skills
- Client focused, with a proactive approach to solving problems
- Ability to work under pressure
Responsibilities
Incident Handler
- Primarily responsible for incident response
- Analysis and determination of the incident response strategy to use in response to a declared incident.
- Coordinate client CSIRT team activities to ensure incidents are resolved in a timely manner.
- Report on the status of incidents to the client and the business.
- Document incident response actions from detection to eradication and share them with the team for review and debrief, and to facilitate information sharing between TIC and other teams.
- Provide management oversight for the handling of incidents detected by the SOC, and for escalations, according to the defined set of policies, processes, procedures, and SLAs.
Analyst II role
- Analyse events escalated by tier 1 analysts and approve, where necessary, further investigation of the events.
- Mentor tier 1 analysts to improve decision-making and analysis of incidents.
- Correctly scope the extent and breadth of incidents by identifying IOCs, all infected hosts, and the root cause/patient zero.
- Review shift logs and handover reports for any escalations or key events that require urgent attention.
- Where possible, institute initial containment, eradication, and recovery measures for declared incidents.
Vulnerability Management
- Review vulnerability reports for scans run by Analyst I.
- Refine reports and share them with clients, and organize sessions to guide clients on the closure of critical vulnerabilities.
SIEM Support
- Document noisy SIEM rules for review to reduce false positives.
- Ensure uptime of agents and collectors.
- Work closely with the vendor to deliver the desired client reports and dashboards.
- Document detection gaps for review and detection engineering.
Automation Support
- Review daily SOC activities to identify possible areas for automation.
- Work closely with the SOAR team in defining playbooks and testing automations.