Cyber Security jobs
SOC L1 Analyst 24x7
· Experience of 1-3 years in security technologies and incident response management
· Basic understanding of SIEM, APT, threat intelligence.
· Performs 24X7 Incident management and monitoring services of security components and associated platform components.
· Report Security Incidents.
· Minor issue resolution.
Role / Responsibility
Monitoring (Tier 1)
• Monitors alerting tools, handles escalated incidents from helpdesk/desk side and end users
• Respond to common alerts in a consistent and repeatable manner from multiple alerting sources
• Provide 24x7 coverage through a combination of onsite normal business hours monitoring and after-hours on call
• Responsible for triage of C2 alerts, phishing attempts, AV alerts and botnets, which will make up the majority of the day-to-day threats
• Provide escalations of unknown threats to Tier 2
SOC L2 Analyst – 24x7
· Experience of 4-8 years in security technologies and incident response management
· Good understanding of SIEM, APT, threat intelligence.
· Resolution of all incidents and service requests assigned by Help Desk.
· Track incident/service request tickets to identify larger-scale technical issues and resolve those issues or pass them to the responsible party.
· Liaison with the 3rd Party and Other towers to resolve 3rd party application/infrastructure related issues.
· Act as Point of Contact, and coordinate with external vendors.
· Ensure the timely, effective and efficient closure of logged incidents.
The L2 Analysts will be split into the following roles:
Lead Incident Responder Analyst (Tier 2)
• Serves as lead investigator identifying threats
• Oversees resolution of complex/lab-wide intrusions
• Serves as a lead investigator and escalation point for incidents
• Provide 24x7 coverage through a combination of onsite normal business hours monitoring and after-hours on call
• Able to manage an incident from start to finish without higher level supervision
• Ensures quality of incident handling efforts and deliverables
• Learns and adapts to current workflows established by Incident Handlers
• Creates checklists and guidelines for repeatable alerts that future SOC analysts can use
• Responsible for resolving escalated event alerts
• Able to run down an incident from start to finish without higher level supervision
• Ability to place C2 blocks in proxies
Incident Responder (Tier 2)
• Responsible for actioning alerts, events, and incidents escalated to them from the Lead Incident Responder
• A lead for Email Operations
• Provide Malware Triage
• Provide 24x7 coverage through a combination of onsite normal business hours monitoring and after-hours on call
• Monitoring for new threats and vulnerabilities
• Create/Update checklists for Monitoring/Tier 1 Analyst
• Assists with patching recommendations and workarounds for 0-day threats
• Coordinates with other external stakeholders
• Communicates with management on incident updates
• Triages alerts as they come in and actions them appropriately
Malware Analyst (Tier 2)
• Quickly triage malware
• Custom script/tool development
• Performs advanced reverse engineering:
(a) Static and Dynamic
(b) Identifies malware type
(c) Full capability of malware
• Full analysis of C2 communication channels and methods
• Creates custom tools/scripts to decode C2 communication
• Provides SOC with detailed outline of analysis findings
Forensic Analyst (Tier 2)
• Data acquisition of most hard drives
(a) Host analysis
(b) File System Analysis
(c) Event log analysis
(d) Registry analysis
• Advanced Host analysis
(a) Shadow Copies
(b) Decoding of C2 communication
• Memory analysis
• Malware triage
• Data recovery
• Works with other SOC groups to share actionable intelligence gathered over course of investigation
Network Traffic Analyst (Tier 2)
• Analysis of network traffic
(a) Decrypt/Decode payload
(b) Examine traffic for “hacker” activity
(c) Examine traffic to known malicious C2s
(d) Examine traffic relating to binary downloads
• Building of network signatures to use in security devices
• Works with other SOC groups to share actionable intelligence gathered over course of investigation
SOC L3 Analyst
· Experience of 9-12 years in advanced security technologies
· Strong security professional skilled in Security Information and Event Management (SIEM), Vulnerability Management and Security Intelligence, IDAM, Digital Rights Management (DRM), Anti-APT, Data Leak Prevention (DLP), phishing simulation tools, etc.
· Provide expertise on issues that require a higher level of resolution.
· Assist with Problem and Change management support for the resolution of incidents.
· Proactively identify opportunities for improvement from a technical perspective.
· Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
The L3 Analysts will be split into the following roles:
Malware Expert (Tier 3)
• Serves as lead analyst for reverse engineering
• Able to analyze malware from start to finish without higher level supervision
• Sets malware research initiatives
• Delegates analysis requests from different SOC groups
• Lead developer for tools/scripts created by Malware team
Forensic Expert (Tier 3)
• Serves as lead analyst for computer forensics
• Able to analyse a hard drive from start to finish without higher level supervision
• Sets computer forensics research initiatives
• Delegates analysis requests from different SOC groups
• Assists in complex data acquisitions (RAIDs, encryption)
Network Traffic Analysis Lead (Tier 3)
• Serves as lead analyst for network traffic analysis
• Able to analyse network traffic from start to finish without higher level supervision
• Sets network traffic analysis research initiatives
• Delegates analysis requests from different SOC groups
Threat Intel Analysts (Tier 3)
• Collaborate with external Cyber Intelligence Organizations
• Ability to research, analyze, and synthesize large amounts of data and information.
• Ability to understand and assimilate intelligence and technical cyber-related data
• Experience in intrusion detection, response or prevention, and computer network defense
• General understanding of malware analysis, data recovery, information security assurance, network forensics, hacking techniques, and digital forensics