Posted: 3 months ago
Work from Office
Full Time
Job Responsibilities:
1. Perform deep analysis of security incidents to identify the full kill chain.
2. Perform remediation steps according to the findings, or initiate the steps for remediation.
3. Prepare an RCA for major incidents.
4. Handle L2 and above technical escalations from the L1 Operations team and resolve them within SLA.
5. Identify security gaps and recommend new rules/solutions to L3/the customer.
6. Suggest fine-tuning of existing alert rules where alert volume is high or wherever required.
7. Create and manage the incident handling playbook, process runbooks and ad-hoc documents whenever needed.
8. Recommend fine-tuning for alerts, including the logic, threshold and, where applicable, the SIEM query.
9. Recommend new use cases, including the logic, threshold and, where applicable, the SIEM query.
10. Respond to client requests, concerns and suggestions.
11. Proactively support the L1 team during an incident.
12. Perform and review tasks as identified in a daily task list.
13. Ready to work in a 24x7 rotational shift model, including night shifts.
14. Incident detection, triage, analysis and response.
15. Coordinate with customers on their security-related problems and provide solutions.
16. Share knowledge with other analysts on their roles and responsibilities.
17. Provide knowledge transfer to L1, such as advanced hunting techniques, guides and cheat sheets.

Knowledge and Experience:
- Minimum 5 years of experience in Security Operations.
- Security event monitoring, alert triage and thorough incident investigation.
- Research and understand log sources for effective security monitoring.
- Isolate issues, respond to incidents and mitigate threats swiftly.
- Adjust SIEM rules for better alert and incident specificity.
- Optimize SIEM capabilities, aid in audit/logging and generate timely reports.
- Conduct vulnerability scans, prioritize findings and plan remediation.
- Proactively search for suspicious activity through threat hunts.
- Offer valuable threat intelligence to verify security concerns.
- Identify endpoint threats using EDR/AV analysis and Cybereason scans.
- Develop and maintain security operations standards, procedures and playbooks.
ACME SERVICES PRIVATE LIMITED