Job Title: SOC Analyst – L2.
The SOC L2 Analyst handles security alerts received from or escalated by the L1 analyst and leads the in-depth analysis of these incidents to identify the root cause, following documented procedures and runbooks, including during declared critical or high severity incidents.
The L2 Analyst supports the IR Analyst and enriches each security incident with the required investigation findings, threat intelligence data and contextual information.
Key Responsibilities and Accountabilities:
- Investigate and perform deep analysis of security incidents escalated by the L1 analyst, providing guidance, actions and oversight on incident resolution and containment techniques, or escalate incidents to the Incident Response team when necessary.
- During a declared critical or high severity incident, communicate directly with data asset owners and business response plan owners and handle escalation throughout the incident as defined in the CSIRP policy.
- Take an active part in containing incidents, even after they are escalated; correlate findings with threat intelligence to identify the threat actor and the nature of the attack; and make recommendations for incident containment, further investigation or closure.
- Document all investigation and response actions as defined in the SOC processes and procedures.
- Analyze false positive incidents and recommend tuning of Security Information & Event Management (SIEM) filters and correlation rules to continuously improve monitoring and detection.
- Propose automation scenarios for repetitive tasks and actions, and collaborate with L3 analysts and the content engineer to build the required playbooks in the SOAR platform.
- Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
Qualifications & Experience:
- Bachelor's degree in Engineering, Computer Science or equivalent
- Minimum of 3 to 5 years of experience in cyber security, with at least 1 year as an L2 analyst.
- Experience with a SIEM product is a must; experience with IBM QRadar is preferred.
- Good knowledge of security analytics tools such as EDR, NDR, DLP, DAM and SOAR.
- Experience analyzing security logs from Windows, Linux, firewalls, IIS and database audit trails.
- Good experience with network packet analysis tools.
- Scripting knowledge (Python, PowerShell or bash) is preferred.
Certification:
EC-Council Certified Security Analyst (ECSA), GCIA or GCIH is mandatory.
Skills:
- Very good analytical skills
- Good written, oral, and interpersonal communication skills
- Ability to conduct research into IT security issues and products as required
- Team-oriented and skilled in working within a collaborative environment
- Leadership skills.