L1 SOC Analyst

1 - 3 years

0 Lacs

Posted: 10 hours ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description

Role Description

Role Proficiency: Monitor cyber security alerts for our global customers in a 24x7x365 operations team under the supervision of the Team Lead / senior members of the team.

Outcomes

  • Under supervision of senior team members, ensure that cyber security alerts from the SIEM and multiple other sources are dealt with as per SLA. Seek support from senior members of the team in case of a new incident type or higher complexity.
  • Respond independently to low and medium complexity incidents.
  • Follow the documented playbook to ensure consistent and repeatable response to alerts.
  • Ensure documentation, including in the CDC / SIEM work log, follows predefined / agreed standards. Learn from the review process for continuous improvement.
  • Communicate and escalate as per defined process. Seek advice from senior members of the team when in doubt.
  • Put forward topics for inclusion or upgrade in the playbook to the attention of the senior team members.
  • Assist the lead in the review process for junior team members.
  • Adhere to defined SOC processes including housekeeping tasks. Adhere to the Information Security policies as defined by the company and customer.

Measures Of Outcomes

  • Adhere to SLA as agreed with the customer.
  • Productivity (number of alerts addressed)
  • Quality - Percent of tickets that met quality norms
  • Adhere to process – Nil NC during audits
  • Evidence of skill development including training certification etc.

Outputs Expected

Cyber Security Monitoring:
  • Work in accordance with the Playbook / under supervision of the team lead to monitor alerts in the CDC Platform / SIEM tool, etc. Ensure appropriate response in line with the SLA.

Cyber Security Incident Management

  • Work in accordance with the Playbook under supervision of the team lead to process alerts through analysis, triage and resolution.
  • Communicate and escalate as per defined process.
  • In accordance with the Playbook under supervision of the team lead, complete documentation, including annotation in the CDC / SIEM work log, to ensure an audit trail as per defined standards and quality requirements.
  • In accordance with the Playbook under supervision of the team lead, ensure that the various reports are created and published to stakeholders.
Continuous Learning

  • Ensure completion of learning programs as suggested by Managers.

Innovation And Optimization

  • Suggest ideas that will help innovation and optimization of processes. Help develop the ideas into proposals.
  • Provide suggestions for playbook upgrade.

Team Work

  • Assist junior team members where possible.

Skill Examples

  • User-level skills in use of the CDC SIEM and other relevant tools.
  • Ability to identify use cases and put forward use case and process improvement suggestions to the Team Lead for consideration.
  • Excellent logical problem-solving ability and analytical skills for incident triage and analysis
  • Good oral and written communication skills.
  • Continually learn new technology and stay updated on cyber threats.
  • Ability to work in rotating shifts and also be on-call outside of shift hours on a regular and recurring basis.
  • Possess unimpeachable personal and professional integrity. Individuals will be required to submit to a background check.

Knowledge Examples

  • 1 to 3 years' experience in SOC operations with the SOC of a global organization.
  • University Degree in Cyber Security (no back papers) / Bachelor’s in Science or Engineering with training in cyber security.
  • Proficient in the Cybersecurity Incident Management process.
  • Up to date on cyber security alerts and incidents; intermediate understanding of enterprise IT infrastructure including networks, firewalls, OS, databases, web applications, etc.
  • Understanding of ISMS principles and guidelines; relevant frameworks (e.g. ISO 27001).
  • Desirable – Training / Certification in Ethical Hacking, SIEM tools, etc.

Additional Comments

The primary role of a SOC Level 1 Analyst is to serve as the frontline defense, managing first triage and ranking of security cases, and initiating the threat detection and response processes for client-related security events. The Analyst is integral to the MDR, working collaboratively with other teams to ensure high quality of service, and will be given opportunities for professional growth in cybersecurity. The position entails conducting inquiry procedures as dictated by Cyberport methodology and contributing insights on case investigation and detection quality.

Principal Duties:
  • Quickly respond to and classify all incoming security cases, ensuring that incidents are appropriately escalated to the right analyst within the predefined SLA period during the Analyst's shift.
  • Conduct the first triage investigations into the assigned cases using a blended approach based on tools integrated into the SOAR platform, and document all collected evidence and conclusions.
  • At the shift's commencement, diligently review all new information in the SOAR, the Teams channel, the shared mailbox, and any other designated communication mediums to ensure readiness to continue or start the case investigation and address client queries.
  • Facilitate a smooth handoff to the next team at the end of the shift, ensuring continuous and seamless security monitoring.
  • Remain alert to any procedural inconsistencies or issues and proactively report these to the team leader or upper analytical layer (L2) for resolution or consultation.
  • Should uncertainty or complex issues arise, elevate the matter promptly to a senior L1 Analyst or the Shift and Technical Leads before resorting to the L2 team.
  • Support the Lead Analysts and the L2 team in the extraction and compilation of data needed for the preparation of Weekly, Monthly, and Quarterly Business Review (QBR) documentation.

Skills and qualifications:
  • At least 1 year of experience as a security analyst
  • Proficient in investigating alerts related to phishing, malware, and similar threats.
  • Solid understanding of computer security and networking concepts
  • Experience with SIEM or similar security tools.
  • Knowledgeable about endpoint protection tools
  • Skilled in analyzing network traffic, interpreting logs, and examining packet captures.
  • Strong critical thinking and analytical abilities
  • Excellent written and verbal communication skills
  • Experience managing and analyzing alerts from security tools is a plus.
  • Familiarity with cloud solutions is advantageous.
  • Relevant certifications are a plus.

Skills

SOC Analysis, MITRE Analysis, Investigation, Sentinel

UST

IT Services and IT Consulting

Aliso Viejo CA
