Title: Cyber Security Analyst
Requisition ID: 26881
City: Kochi
Country/Region: IN
Job Duties (Summary):
- The Senior Security SOC Analyst works in a 24/7 team, in shifts that include nights and rotational weekends.
- The role is a key part of our Security Monitoring and Incident Response team and involves investigating alerts/events triggered by MS Sentinel / SIEM, EDR tools and other endpoint tools.
- The Senior Analyst will be the internal escalation point for the Security Analysts within the shift/team and will assist them in responding to security incidents.
This role also requires exceptional communication skills (verbal and written) and an ability to quickly understand complex information while recognising familiar elements within complex situations.
Mandatory Skills Needed:
- A Sentinel SOC L3 SME should possess the following:
  1. Capability of using KQL query operators to determine root cause in incident investigations; should be an L2/L3 SME in SOC IR (Mandatory)
  2. Decent understanding and hands-on experience in integrating devices using Method Threat Intelligence, ITSM, Logic App, Function App, API integration and SIEMs (any tool is fine)
  3. Knowledgeable about syslog-based, native, and AMA Connect integrations.
  4. Experience in setting up and configuring workbooks and playbooks, and in fine-tuning and defining new analytic rules.
  5. Practical knowledge of KQL use cases for MITRE ATT&CK framework techniques.
  6. Should be capable of mentoring L1 analysts on incident investigations.
  7. Should brainstorm new ideas and identify configuration and network gaps.
Required Skills & Experience:
- Responsible for 24/7 monitoring, triage and analysis of security events and alerts, including malware analysis.
- Should have good hands-on experience with Microsoft Sentinel and the ability to query using KQL [Mandatory]
- Familiarity with core concepts of security incident response, e.g., the typical phases of response, vulnerabilities vs. threats vs. actors, Indicators of Compromise (IoCs), etc.
- Strong knowledge of email security threats and security controls, including experience analysing email headers.
- Analysing phishing emails and associated threats, and remediating them by blocking the URLs and analysing the associated malware, links and IOCs.
- Good understanding of Threat Intel and Hunting.
- Good hands-on experience investigating EDR alerts (Tanium, CrowdStrike, etc.)
- Good hands-on experience using XSOAR platforms (Demisto, Phantom, etc.)
- Strong technical understanding of network fundamentals and common Internet protocols, specifically DNS, HTTP, HTTPS / TLS, and SMTP.
- Experience analysing network traffic using tools such as Wireshark, to investigate either security issues or complex operational issues.
- Experience reviewing system and application logs (e.g., web or mail server logs), either to investigate security issues or complex operational issues.
- Knowledge of investigating security issues within cloud infrastructure such as AWS, GCP and Azure (preferred, not mandatory)
- Good knowledge and hands-on experience with SIEM systems such as RSA NetWitness, Splunk, AlienVault, QRadar, ArcSight or similar, including understanding and creating new detection rules, correlation rules, etc.
- Experience in defining use cases for playbooks and runbooks (preferred)
- Experience in understanding log types and log parsing
- Strong passion in information security, including awareness of current threats and security best practices.
Basic Qualifications (preferred, not mandatory if the candidate has equivalent knowledge):
- Bachelor's Degree in Computer Science or equivalent (preferred, not mandatory)
- Minimum of 3 years of experience in a Security Operations Centre (SOC) or incident response team (CSIRT Team member).
- Overall 3+ years of experience in Information Security/IT Security/Network Security.
- CEH, CISSP, OSCP, CHFI, ECSA, GCIH, GCIA, GSEC or GCFA certification (minimum one certification; preferred, not mandatory)
- A relevant specialist degree (e.g., information security or digital forensics).
- Knowledge of NIST CSF and the MITRE ATT&CK framework.
- Active involvement in the Information Security community.
- Certified in Azure Security [SC-200, AZ-500, AZ-900], one or more [Mandatory]