Onsite SOC L2 Analyst based in Al Jubail

Job Description

643226BR<p><br></p>Introduction<p><br></p>At IBM, work is more than a job – it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, lets talk.<p><br></p>Your Role and Responsibilities<p><br></p>This job role is based out of Al Jubail, Saudi ArabiaProvide initial investigation of security incidents escalated from the SOC L1 Function<p><br></p>Check for false positive &amp; duplicates<p><br></p>Provide communication and escalation throughout the incident per the CSIRT guidelines<p><br></p>Communicates directly with data asset owners and business response plan owners during high severity incidents<p><br></p>Hunting for suspicious anomalous activity based on data alerts or data outputs from various toolsets<p><br></p>Perform analysis of log files and other artifacts to collect more contextual information in order to triage the security threat<p><br></p>Provide first responder forensics analysis and investigation<p><br></p>Drives containment strategy during data loss or breach events<p><br></p>Triage and resolve advanced vector attacks such as botnets and advanced persistent threats (APTs)<p><br></p>Works directly with data asset owners and business response plan owners during high severity incidents<p><br></p>Provide tuning recommendations to administrators based on findings during investigations or threat information reviews<p><br></p>Collect contextual information and pursue technical root cause analysis and attack method analysis;<p><br></p>Make content determination to treat the alert as a security incident and assign a severity level;<p><br></p>Close or escalate the security incident to the SOC L3/ Advanced Forensics Function;<p><br></p>In certain cases, the alert/incident can be returned to SOC L1 Function with feedback and suggestions;<p><br></p>The resource must have extensive experience in incident handling and reporting (at least 2 years in a similar role).<p><br></p><strong>Required Technical and Professional Expertise</strong><p><br></p>We are looking for a professional based Al Jubail with the following skills :<p><br></p><ul><li>Strong Analytical and Problem Solving Skills</li><li>Knowledge of network security zones, Firewall configurations, IDS policies</li><li>Knowledge of systems communications from Layer 1 to 7</li><li>Experience with Systems Administration, Middleware, and Application Administration</li><li>Experience with Network and Network Security tools administration particularly IBM SOAR (Resilient) including integrations, scripting and runbook creation</li><li>Knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes</li><li>In-depth experience with log search tools such as QRadar, usage of regular expressions and natural language/AQL queries</li><li>In-depth knowledge of packet capture and analysis</li><li>Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat</li><li>Ability to make create a containment strategy and execute </li><li>SOC technical &amp; executive reporting</li></ul><p><br></p><strong>Preferred Technical And Professional Expertise</strong><p><br></p>Training, Qualifications, and Certifications<p><br></p><strong>Preferred</strong><p><br></p>Security Essentials – SEC401 (optional GSEC certification)<p><br></p>Intrusion Detection In Depth – SEC503 (optional GCIA certification)<p><br></p>Hacker Techniques, Exploits &amp; Incident Handling – SEC504 (optional GCIH certification)<p><br></p>OSCP – Pen test With Kali<p><br></p>IBM QRadar and SOAR certification<p><br></p><strong>Recommended</strong><p><br></p>Hacker Guard: Security Baseline Training – SEC464<p><br></p>Advanced Security Essentials – SEC501 (optional GCED certification)<p><br></p>Perimeter Protection In Depth – SEC502 (optional GCFW certification)<p><br></p>Securing Windows and Resisting Malware – SEC505 (optional GCWN certification)<p><br></p><strong>About Business Unit</strong><p><br></p>IBM Consulting is IBM’s consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients’ businesses through the power of collaboration. We believe in the power of technology responsibly used to help people, partners and the planet.<p><br></p><strong>Your Life @ IBM</strong><p><br></p>In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.<p><br></p>Being an IBMer means you’ll be able to learn and develop yourself and your career, you’ll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.<p><br></p>Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.<p><br></p>Are you ready to be an IBMer?<p><br></p><strong>About IBM</strong><p><br></p>IBM’s greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we’re also one of the biggest technology and consulting employers, with many of the Fortune 50 companies relying on the IBM Cloud to run their business. At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it’s time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.<p><br></p><strong>Location Statement</strong><p><br></p>IBM wants you to bring your whole self to work and for you this might mean the ability to work flexibly. If you are interested in a flexible working pattern, please talk to our recruitment team to find out if this is possible in the current working environment.<p><br></p><strong>Being You @ IBM</strong><p><br></p>IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.