L2 Security Operation Centre Analyst
Responsible for working in a 24×7 IT Security Operation Centre (SOC) environment. SOC analysts are the first responders to cyber incidents: they detect and report cyber threats and then implement changes to protect the organization.
Primary Responsibilities:
• Identification, quantifying and tracking of cyber security incidents
• Triage and management of information security events including, where necessary, participation in security incident management
• Respond to inbound Change Requests (CRs), Service Requests (SRs), Queries for handling Incident Management
• Provide Incident Response (IR) support when analysis confirms actionable incident
• Security administration and auditing of privileged systems access
• Provide threat and vulnerability analysis as well as security advisory services
• Analyze and respond to previously undisclosed software and hardware vulnerabilities
• Investigate, document, and report on information security issues and emerging trends
• Integrate and share information with analysts from other shifts
• Assist L1 SOC analysts to develop and improve their cyber security skills
• Assist Team Leads with reporting, projects, monthly SOC Reports specific to respective projects
• Review SOC Analyst ticket queue, review tickets, closure or reassignment as needed
• Maintain and track all information security related documentation to ensure it remains relevant, appropriate and up to date
• Handle SOC incoming phone calls and triage calls that are not related to monitoring
• Create daily Shift Handoff notes and summary and send to all shifts
• Other duties as assigned by Team Leads and/or Operations Manager
• Will float to cover various work schedules and perform monitoring duties as deemed required
Projects:
• Implementation (new builds or migration) of security tools such as SIEM, Firewall, UEBA, Endpoints, SOAR
• Configure and troubleshoot security infrastructure devices
• Device integration and content development inclusive of rules, reports, and custom parsers, playbooks
• Prepare and document project deliverables (Design, Administrative Guide, Operation Manual, UAT, etc.)
• Manage fault rectification process, and troubleshoot hardware and software technical problems using a range of diagnostic utility tools
• Perform periodic preventive maintenance to relevant equipment
• Support relevant projects, initiatives or security activities such as security awareness program, security incident response with relevant teams
Required Qualifications / Experience:
• Diploma/Degree/Bachelor
• 2+ years of experience in Cyber Security / SOC support
• Networking knowledge such as TCP/IP, switching / routing, and cybersecurity concepts
• Experience working with ITSM / Smart IT ticketing systems
• Security systems including firewalls, intrusion detection systems, anti-virus software, endpoint security and vulnerability management software
• Knowledge of frameworks such as Cyber Kill Chain and Adversary Tactics, Techniques and Procedures
• Candidate should possess the ability to work under pressure with extreme deadlines, prioritize projects & tasks, and maintain focus in a dynamic environment
Preferred Qualifications:
• Diploma / Associates Degree in Computer Information Systems
• CompTIA Network/Security + Certification
• Certified SOC Analyst Certification
• Other IT security qualifications from recognized organisations
• Experience with QRadar/Splunk SIEM or any other major SIEM or SOAR platform is desirable
• Exposure to working with an MSSP is an advantage