Duties & Responsibilities
• Help to continuously monitor security alerts queue and perform initial triage to identify any false positives and initiate escalations as necessary.
• Monitors health of security sensors and managed infrastructure, and provide necessary support, including onsite troubleshooting, root cause analysis, incident reports
• Manage ticket queue and take ownership and responsibility of tickets assigned, within agreed SLA
• Collects data, evidence and context necessary for Level 2 escalation
• Works closely with Level 2 & Level 3 team towards the continuous improvement of the service
• Ensure that daily operations and tasks are properly completed or followed up.
• Escalate issues and liaise with subject matter experts as required to resolve issues.
• Prepare scheduled and ad-hoc report and documentation
• Work with the Senior SOC Analyst to manage and improve work activities for engineering team and provide engineering support
• Manage lifecycle of security log sources, including onboarding, modifying and decommissioning of log sources
• Perform data engineering to extract, transform, load for security monitoring
• Work with SOC team to plan and deploy new features and changes to the SOC environment
• Stand-by support after office hours for support issues
• Perform troubleshooting of issues in relation to SOC technologies within the SOC environment
• Monitor service levels of issues and manage escalate issues to Subject Matter Experts when necessary
Requirements
• Diploma or bachelor’s degree in Information Technology
• Working experience with qualification in Splunk or equivalent
• 2-3 years of experience in SOC technologies such as SIEM, SOAR
• Good Linux and network fundamental knowledge
• Regular expression knowledge is required
• Knowledge of scripting languages such as Python, PowerShell and Bash will be an advantage
• Good communication and written skills
• Positive working attitude
• Passionate in information cybersecurity
• May involves slight travelling to regional offices
