For both L3 Senior SOC Analyst and L2 SOC Analyst:
- Threat Hunting: Proactive identification of advanced threats, anomalies, and malicious activities within the bank's network and systems.
- Incident Response (IR): Participation in the full incident response lifecycle, including detection, analysis, containment, eradication, recovery, and post-incident review.
- Alert Fine-tuning: Continuous optimization of security alerts and reduction of false positives across the various security tools (e.g., SIEM, EDR, IDS/IPS).
- Coordination: Seamless coordination and communication with various internal teams within the bank (e.g., IT Operations, Application Development, Infrastructure, Business Units) during security incidents and daily operations.
- Management Reporting: Preparation of clear, concise, and actionable reports for management on security incidents, threat intelligence, SOC performance, and project status.
- Log Source Validation: Ensuring the proper onboarding, configuration, and validation of security log sources into the SIEM (Splunk) so that monitoring visibility is comprehensive.
- Splunk Expertise: Advanced proficiency in Splunk for security monitoring, dashboard creation, query optimization, and data analysis.
Specific to L3 Senior SOC Analyst:
- SOC Vendor Management: Acting as a primary liaison with various SOC technology vendors, managing relationships, ensuring service level agreements (SLAs) are met, and driving product enhancements.
- Strategic Input: Providing strategic input on the SOC roadmap, technology selection, playbooks, and process improvements.
- Mentorship: Mentoring and guiding junior SOC analysts.
Resource Requirements and Qualifications
The vendor must provide resources that meet the following minimum qualifications:
4.1 L3 Senior SOC Analyst (1 Resource)
- Experience: Minimum of 7-10 years of dedicated experience in a Security Operations Center (SOC) environment, with at least 3-5 years in a senior or lead role.
- Expertise:
  - Demonstrable expertise in advanced threat hunting methodologies and techniques.
  - Proven experience in managing SOC vendors, including contract negotiation, performance monitoring, and issue resolution.
  - Extensive experience in leading and executing complex incident response activities.
  - Deep understanding of SIEM (Splunk preferred) alert correlation, rule creation, and optimization.
  - Strong background in financial services industry cybersecurity.
  - Application and database (DB) logs.
  - Application use cases.
- Technical Skills:
  - Advanced Splunk expertise (Splunk Enterprise Security experience highly desirable).
  - Proficiency in scripting languages (e.g., Python, PowerShell) for automation and analysis.
  - Extensive experience with Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) platforms.
  - Familiarity with various security technologies (e.g., Cloud Security, Vulnerability Management).
- Certifications (Highly Preferred): CISSP, SANS GIAC certifications (e.g., GCIH, GCFA, GNFA, GDAT), OSCP.
- Soft Skills: Excellent communication, leadership, problem-solving, and analytical skills. Ability to work effectively under pressure.
4.2 L2 SOC Analyst (1 Resource)
- Experience: Minimum of 3-5 years of dedicated experience in a Security Operations Center (SOC) environment.
- Expertise:
  - Solid experience in performing threat hunting activities.
  - Hands-on experience in incident detection, analysis, and initial response.
  - Experience in fine-tuning security alerts and managing SIEM rules.
  - Understanding of log source integration and validation processes.
  - Background in financial services industry cybersecurity.
- Technical Skills:
  - Proficiency in Splunk for security monitoring and basic query writing.
  - Hands-on experience with Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) tools.
  - Familiarity with common security tools and technologies.
- Certifications (Preferred): CompTIA Security+, CySA+, Splunk Core Certified User/Power User.
- Soft Skills: Strong analytical, communication, and teamwork skills. Eagerness to learn and adapt.