CSOC Analyst L1

Responsibilities

Responsible to triage cyber security incidents as a member of Security Operations Center incident responders’ team first line.

• Continuously monitors the operating systems alert queue; triages security alerts; monitors health of operating systems security sensors and endpoints; collects data and context necessary to escalate to Tier 2 Analyst.

• Continuously monitoring the operating systems alert queue using multiple tools, such as SIEM, EDR and custom-built system monitoring tools.

• Continuously monitors health of operating systems security sensors.

• Conduction initial triage of alerts to identify potential, false positives, policy violations, intrusion attempts and compromises on the system level.

• Consolidating data from alert triage to provide context necessary to escalate to Tier 2 Analyst.

• Escalate to Tier 2 Analyst with all necessary data for deeper analysis and review.

Should have good knowledge of security tools as follows:

• Knowledge about MS Windows and UNIX based systems

• Knowledge TCP/IP version 4 and version 6

• Security Event and Incident Monitoring System (SIEM), Orchestration tool and playbook response concept, Endpoint Detection and Response tool (EDR), Anti-malware systems, Intrusion Detection and Prevention Systems, Firewalls.

Required industry certificates:

• Comp TIA CySA+ certificate – Cyber Security Analyst Certification - in good standing

• Incident Response Fundamentals certificate – in good standing

Recommended industry certificates:

• Analyst/Administrator for any SIEM solution industry leaders

• Some of SANS, GIAC, ISACA, (ISC)2 certificates or trainings