Job Details
Job Description
Purpose
To protect the organization by proactively monitoring for cyber security incidents, including their identification, analysis, triage and response. Administer and configure policies on security products. Guide L1 SOC Analysts.
Key Objectives:
Experience
- Minimum 2 years' experience in a SOC Analyst role (SOC operations experience)
- Security product knowledge, such as:
  - Networking and security
  - Microsoft products (Azure, ATA and ATP, BitDefender)
  - Endpoint Detection and Response (EDR) products
- Technical knowledge:
  - Understanding of common network services (web, mail, DNS, authentication)
  - Knowledge of host-based firewalls and anti-malware
  - General desktop OS and server OS knowledge
  - TCP/IP, Internet routing, UNIX / Linux and Windows
  - Understanding of modern malware threats
  - SANS knowledge
  - Familiarity with system log information and what it means
- Remediation recommendations:
  - Provide mitigation recommendations for each identified security incident where applicable
  - Based on the types of alerts and actions being taken, identify root causes and recommend ways to improve the protection capabilities of the organization
- Case management:
  - Update the alert/case information with closure information (all fields that are required to be updated when the alert/case is closed)
- Manage and administer technical controls:
  - Create, configure and deploy policies and signatures on technical security controls
- Reporting:
  - Run, analyse and interpret reports on different platforms
- Perform threat hunts:
  - Document the outcome of the hunt, with recommendations if any IOCs are picked up
- Oversight of Level 1 SOC Analysts:
  - Assist L1s during investigations and review the recommendations made
- Guiding and mentoring of Level 1 SOC Analysts:
  - Knowledge transfer and in-service training to SOC L1s on SOC technologies
  - Training of SOC L1s on security aspects and principles (endpoint, malware, network, perimeter etc.)
- War rooms:
  - Facilitate shift hand-overs and war rooms. Sign off shift hand-overs and ensure they are saved to the SOC share
  - Facilitate/participate in war rooms and discuss and dissect incidents, even the closed ones. Add additional information / outcomes / IOCs / recommendations etc. to the incident in XSOAR
  - Implementation and improvement of existing processes and templates
  - Responsible for logging changes to update the security products to proactively block potentially malicious actions (e.g. URLs, phishing emails, etc.)
  - Playbooks: feedback to the SOC Operational Manager around tuning of playbooks or input into potential new playbooks
- General:
  - Certify in SOC technologies / attend training
  - Maintain and manage SOC technologies (health checks, updates, capacity planning etc.). Ensure that the SOC technologies run smoothly and are maintained
  - Establish SOC technology vendor relationships. Open and manage cases with vendors where issues occur. Follow up and drive to conclusion
  - Draft shift rosters, distribute them and ensure that all SOC staff have signed off on them
  - Implementation and improvement of existing processes and templates
  - Development of the SOC Ops Manual (SOC Portal). Maintenance and updating of the SOC Portal
  - Draft and deliver monthly reports to clients. You will be assigned to clients on a rotational basis, which will ensure that you are exposed to different technologies / security incidents etc.
  - Threat intelligence reports to clients (not to be confused with threat hunting reports). These go in as part of the monthly report
- Ad hoc:
  - Threat intelligence research
Competencies
Analysis and Attention to Detail
Anticipates, recognises and meets the needs of internal and external clients or customers (however these are defined in the role), taking responsibility for maintaining the highest service standards and developing and sustaining productive client relationships
Problem Solving
Cuts to the core of issues and applies effective analysis, logic and creativity to identify and implement solutions
Time and Self-Management
Plans and manages own output, anticipating obstacles, juggling priorities and following through on objectives within agreed time-frames
Assertiveness
Able to hold one's own in the face of opposition and exert influence calmly, firmly and fairly
Knowledge Sharing
Promotes the generation and sharing of knowledge and learning to enhance the collective knowledge of the team / organisation
Drive and Results Orientated
Is a self-starter and originator who maintains high levels of activity and produces a consistently high-quality output within agreed deadlines. Prompt and proactive in driving for results and sets demanding goals for self and others
Teamwork
The capacity to work co-operatively with others to achieve shared goals
Verbal and Written Communication
The capacity to listen attentively, present information clearly and concisely and respond appropriately to the verbal and written communications of others. This includes the ability to regulate delivery in response to the needs of a target audience.
Personality Traits
- Self-motivated with ability to work without supervision
- Outcomes Driven (“Can Do” Attitude)
Analyst Responsibilities:
- Incident monitoring and response:
  - Review and analyse all alerts and respond according to prescribed processes
  - Create incidents in a change management system for other teams to take remediation actions when required
  - Incident handling and resolution: accept escalations from L1s and drive incidents to conclusion
  - Investigate
  - Escalate to L3 / SOC Manager or client where needed
  - IoC handling
  - Drafting containment and remediation plans
  - Monitor adherence to SLAs. SLA breaches must be immediately rectified or escalated to the SOC Manager
Required Qualification
- CCNP CyberOps qualification
- Enterprise Security Product Certifications