Job Description

<u>Our Client:</u><br><br>Leading US-based technology company.<br><br><u>Responsibilities:</u><ul><li>Work as a part of the SOC team.</li><li>Operate as the first point of escalation for Tier 2.</li><li>Hunt for suspicious or anomalous activity based on alerts or data outputs from various toolsets.</li><li>Review and build new operational processes and procedures.</li><li>Provide first-responder forensic analysis and investigation.</li><li>Triage and resolve advanced attacks such as botnets and advanced persistent threats (APTs).</li><li>Work directly with data asset owners and business response plan owners during low- and medium-severity incidents.</li><li>Provide advice on the tuning of security controls such as proxy policy and in-line malware tools, based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems.</li><li>Develop SOC use cases and provide tuning recommendations to administrators based on findings from investigations or threat information reviews.</li><li>Perform threat hunting based on threat intelligence received from the CTI team.</li><li>Lead response actions for incidents where the CIRT is not required to intervene (low/medium priority).</li><li>Perform administrative tasks per management request (ad hoc reports, training).</li></ul><u>Functional and Technical Competencies</u><ul><li>Passion and drive to work with the potential of significant growth in scope and services.</li><li>Good logical and analytical skills to support the analysis of security events and incidents.</li><li>Experience with network security zones and firewall configurations.</li><li>In-depth knowledge of TCP/IP.</li><li>Knowledge of systems communications from OSI Layer 1 to 7.</li><li>Experience with systems administration, middleware, and application administration.</li><li>Experience with network and network security tool administration.</li><li>Experience with log search tools, regular expressions, and natural language queries.</li><li>Knowledge of log formats and the ability to aggregate and parse syslog, HTTP, and database logs for investigation purposes.</li><li>Ability to create and execute a containment strategy.</li><li>Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat).</li><li>Good knowledge of threat areas, common attack vectors (malware, phishing, APT, technology attacks, etc.), and attack techniques.</li><li>Knowledge of common security frameworks (ISO 27001, COBIT, NIST).</li><li>Knowledge of MITRE ATT&amp;CK and TTPs.</li><li>Advanced network packet analysis and forensics skills.</li></ul><strong>Training, Qualifications, and Certifications</strong><ul><li>Minimum of 5+ years of experience in a SOC.</li><li>2+ years of prior experience in an L3 capacity.</li><li>CEH certified.</li></ul>Desired: CISSP, GIAC (GREM, GCFE, GPEN), CCIE, CDFE.<br><br>Halian Group<br><br>With over 20 years of experience, we have come to understand that innovation is the only way to provide agile, practical solutions that transform businesses and careers.<br><br>Our resourcing and smart services help you to realize tomorrow’s potential. Discover the amazing things possible when you bring the right people and the right technologies together.<br><br>