Principal SOC Analyst

CPX • Full-time • أبو ظبي, AE • 1w ago

Hiring - Principal SOC Analyst

Years of Experience – Minimum of 10+ years’ relevant experience or working in a large-scale ICT environment focused on Information/Cyber Security.

Education – Bachelor’s degree in engineering, computer science, information systems, or quantitative fields.

Required Certifications

EC-Council Certified Ethical Hacker (CEH).
ISC² Certified Information Systems Security Professional (CISSP).

Required Skills

High-level understanding of TCP/IP protocol and OSI Seven Layer Mode.
Knowledge of security best practices and concepts.
Knowledge of Windows and/or Unix-based systems/architectures and related security.
Sound level of knowledge of LAN/WAN technologies.
Must have a solid understanding of information technology and information security.
Expertise in incident response and handling methodologies.
Knowledge of Cyber kill chain, blockchain, and other IR frameworks.
Knowledge of Defense-in-depth techniques.
Knowledge of security event correlation and analytics tools.
Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, covert channel, replay attacks, malicious code).
Knowledge of which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files.
Experience with SIEM tool – preferably proficient with developing correlation rules, dashboards, and custom searches.
Experience with automated incident response tools (PSTools, Sysmon, Carbon Black, etc.).
Experience with packet capture and analysis (tcpdump/windump, Wireshark, etc.).
Experience with host and network forensics.
Strong understanding of security architectures and devices.
Strong understanding of threat intelligence consumption and management.
Strong understanding of root causes of malware infections and proactive mitigation.
Strong understanding of lateral movement, footholds, and data exfiltration techniques.
Experience with host and network practices of processing digital forensic data.
Knowledge of forensic processes for seizing and preserving digital evidence (e.g., the chain of custody).
Knowledge of server, network devices, security devices and diagnostic tools, and fault identification techniques.
Highly result oriented and able to work independently.
Good analytical, technical, written, and verbal communication skills.
Ability to multi-task in a fast-paced and demanding work environment.
Comfortable with a high-tech work environment and constantly learning new tools and innovations.
Self-motivated, curious, and knowledgeable ab information security news and current events.

The principal SOC Analyst is responsible for managing the day-to-day activities of the SOC and overseeing a team of analysts to ensure that security incidents are detected, investigated, and resolved in a timely manner. The role involves collaborating with other security teams to identify and respond to threats and vulnerabilities and providing technical expertise and guidance to support incident response efforts.

Key Responsibilities

Manage the SOC team, setting goals, monitoring performance, and providing training and development opportunities
Validate the Incidents reported by SOC and Senior SOC analysts and provide feedback.
Conduct advanced analysis of threats related to the incident.
Conduct Scope analysis and recommend containment actions for all confirmed incidents.
Develop SOPs to investigate alleged violations or suspicious activity utilizing the available technology.
Document and Publish IR reports for all incidents handled.
Involve Malware Analysts and other internal teams to identify Root Causes and remediate Incidents.
Create Monthly and Quarterly Internal Executive reports.
Identify and determine whether a security incident indicates a law violation that requires specific legal action.
Use specialized equipment and techniques to catalog, document, extract, collect, package, and preserve digital evidence.
Document the original condition of digital/or associated evidence (e.g., via digital photographs or written reports).
Identify data or intelligence of evidentiary value to support counterintelligence and criminal investigations.
Recommend computing environment vulnerability corrections.
Determine tactics, techniques, and procedures (TTPs) for intrusion sets.
Upon investigation of an incident, if it is discovered that it pertains to a malware infection, the Principal Analyst will involve the Principal Malware analyst to take the take response process further.
Conduct tests of security controls by establishing Incident Response plans & procedures.