CSOC Analyst L2

Job responsibilities:

Responsible to triage operating system related cyber security incidents as a member of Security Operations Center incident responders’ team second line.

Performs deep-dive incident analysis by correlating data from various sources; determines if a critical system or data set has been impacted; advises on remediation; provides support for new analytic methods for detecting threats.

• Proactively monitoring the operating systems alert queue using multiple tools, such as SIEM, EDR and custom-built system monitoring tools.

• Conducting triage of alerts to identify potential, false positives, policy violations, intrusion attempts and compromises on the system level.

• Consolidating data from alert triage to provide context necessary to escalate Tier 3 Analyst.

• Escalate to Tier 3 Analyst with all necessary data for deeper analysis and review.

• Collecting evidence on operating system level for Incident analysis.

• Advises on remediation.

• Supporting operating system related security controls management.

• Supporting operating system related threat detection analytics.

Should have good knowledge of security tools and skills as follows:

• Knowledge about MS Windows and UNIX based systems

• Knowledge TCP/IP version 4 and version 6

• Manual testing skills

• Automation testing skills

• Technical writing skills

• Problem solving skills and attention for detail

• Malware analysis sandboxing solution, Security Event and Incident Monitoring System (SIEM), Orchestration tool and playbook response concept, Endpoint Detection and Response tool (EDR), Anti-malware systems, Intrusion Detection and Prevention Systems, Firewalls.

Required industry certificates:

• ECC CEH – Certified Ethical Hacker - in good standing

• some of SANS, GIAC, ISACA, (ISC)2 certificates or trainings - in good standing

Recommended industry certificates:

• SANS, GIAC, ISACA, (ISC)2