Security SME:
- Applies best practices in the SOC (Security Operations Center); interacts with SOC and NOC personnel to maximize cyber threat prevention measures, enhance audit and logging standards, and enforce and monitor effective cyber security policies, configurations and security event management within the logging and SIEM infrastructure
- Performs as the Senior Technical SME in the area of Cyber Security
- Incorporates threat intelligence into countermeasures to detect and prevent intrusions and malware infections
- Identifies threat actor tactics, techniques and procedures (TTPs) and, based on their indicators, develops custom detection signatures and blocks
- Interacts with the CIRT (Cyber Incident Response Team) for incident response, recovery, and prevention
- Implements the core Security Intelligence Center (SIC) concepts (SOC vs. SIC, Cyber Kill Chain, APT)
- Has a strong understanding of the enterprise network and how each component contributes to Security Intelligence; performs root cause analysis for network security alerts
- Has a strong understanding of the tools and techniques needed to efficiently identify trends and extract indicators from large data sources
- Understands key networking concepts relevant to the Security Intelligence process
- Understands key forensics and incident response concepts critical to the Security Intelligence process
- Understands and works with various categories of electronic evidence, including media, email, and network evidence
- Understands the detection and prevention of intrusions and attacks
- Understands structured digital evidence collection and evaluation
- Examines different methods of policy creation, implements a security policy and creates the policy document
- Uses the command line and its data-manipulation expressions to filter and transform data
- Handles and organizes disparate data about detections, attacks, and attackers
- Applies discovery techniques and vets new intelligence
- Builds better actionable intelligence from data
Good to have:
- Degree in Computer Science, a related technical discipline, or equivalent practical experience
- ITIL certification
- Must have at least one of the following current certifications:
  - CISSP
  - Cisco Certified Network Professional (CCNP) Security
  - CASP+ CE
- Experience with computer network defense technologies and the Cyber Kill Chain
- Experience with threat actor TTP and indicator identification using large data sources
- Works well under pressure with differing levels of management
- Ability to communicate both verbally and in writing in a clear and concise manner
- Exposure to other network monitoring systems and IT Service Management
SOC Analyst L2:
The primary function of an L2 Analyst is to ensure that the SOC team is performing its functions as required and to troubleshoot problematic incidents and events. In summary, the L2 Analyst also acts as the technical SME.
Essential Skills
• Experience with Security Information Event Management (SIEM) tools.
• Expertise in TCP/IP network traffic analysis and event log analysis
• Knowledge and hands-on experience with SIEM and security analytics tools such as Darktrace, Azure Sentinel (now Microsoft Sentinel) and Splunk
• Knowledge of ITIL disciplines such as Incident, Problem and Change Management
• Knowledge and hands-on experience implementing and managing IDS/IPS, firewalls, VPNs, and other security products