Role Description
Role Proficiency: Monitor cyber security alerts for our global customers in a 24x7x365 operations team under minimal supervision of the Team Lead. Mentor junior members of the team and assist the Team Lead with supervision.
Outcomes
- Mentor junior members of the team to help them learn and achieve their full potential.
- Respond independently to low- and medium-complexity incidents.
- Assist the Team Lead in supervisory activities leading to a high-performance organisation.
- Under the overall supervision of the Team Lead, ensure that cyber security alerts from the SIEM and other sources are dealt with by the entire team within SLA. Communicate and escalate as per the defined process.
- Train and motivate the team to follow the documented playbook.
- Assist the Team Lead in ensuring quality of service across the team.
- Review and recommend topics for inclusion or upgrade in the playbook as well as new Use Cases or the refinement of existing ones.
- Adhere to defined SOC processes, including housekeeping tasks. Adhere to the Information Security policies defined by the company and the customer.
Measures Of Outcomes
- Innovation: Case Studies and value delivered to customer / Cyberproof.
- Team adherence to SLA as agreed with the customer.
- Productivity (number of alerts addressed)
- Quality – percent of tickets that met quality norms
- Adherence to process – nil NCs during audits
- Evidence of skill development including training certification etc.
Outputs Expected
Cyber Security Monitoring :
- Work in accordance with the Playbook under supervision of the Team Lead to monitor alerts in the CDC Platform / SIEM tool etc. Ensure appropriate response in line with the SLA.
Cyber Security Incident Management
- Process alerts through analysis, triage and resolution.
- Communication and escalation as per defined process
- Documentation including annotation in CDC / SIEM work log to ensure audit trail as per defined standards and quality requirements.
- Reporting
Team Player
- Assist the team lead in ensuring Continuous Learning as well as in delivering on innovation and optimization
- Mentor junior team members where possible.
Reporting
- Assist Team Lead in generation of required reports management information and analytics.
Other Responsibilities
- Ensure that the housekeeping tasks are performed
- Undertake activities such as quality checks and reviews to ensure that the team as a whole performs to standard requirements.
- Stand in for the team lead when required at customer meetings etc.
- Assist in achieving near zero false-positives etc.
Skill Examples
- High proficiency in the use of CDC SIEM and other relevant tools
- Skill to review and recommend Playbook improvements, Use Case refinements, new Use Cases, process improvements, etc.
- Excellent logical problem-solving ability and analytical skills for incident triage and analysis
- Excellent oral and written communication skills.
- Continually learn new technology and stay updated on cyber threats. Assist and motivate team members to do likewise
- Ability to work in rotating shifts and also be on-call outside of shift hours on a regular and recurring basis.
- Possess unimpeachable personal and professional integrity. Individuals will be required to submit to a background check.
Knowledge Examples
- 3 to 5 years' experience in SOC operations with the SOC of a global organization.
- University Degree in Cyber Security (no back papers) / Bachelor's in Science or Engineering with training in cyber security
- Highly proficient in the Cybersecurity Incident Management process.
- Highly proficient and up to date in cyber security alerts and incidents. Intermediate understanding of enterprise IT infrastructure including networks, firewalls, OS, databases, web applications, etc.
- Understanding of ISMS principles and guidelines; relevant frameworks (e.g. ISO27001)
- Desirable – training / certification in ethical hacking tools, processes and frameworks related to cyber security, etc.
Additional Comments
Job Title: L2 SOC Analyst - GoDaddy Inc
- Participate in continuous improvement efforts for SOC capabilities across people, process, and technology.
- Collaborate with teams to optimize detections and playbooks.
- Analyze and triage security incidents
- Mentor and train junior analysts
- Serve as escalation point for Junior analysts
- Participate in incident response activities as necessary.
Your experience should include:
- Strong grasp of operating systems (Windows, Linux, MacOS) and networking protocols and concepts.
- Extensive knowledge of internet security issues and the threat landscape.
- Previous experience with the following tools: Splunk, EDR solutions, Microsoft Security products.
- Problem-solver with excellent communication skills and a deep technical understanding of security best practices.
- Knowledge of threat hunting.
- Strong grasp of the incident response life cycle.
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
- Capable of writing advanced ad-hoc SPL queries.
- Analyze log files from a variety of sources (for example, individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats to network security.
- Utilize SIEM tools, such as Splunk, and EDR tools to enhance monitoring capabilities and expand the security posture of the current environment.
- 4+ years' experience in a SOC or Fusion Center environment.
You might also have:
- Incident Response specific or other relevant certifications (e.g. GCIH, ECIH, Sec+, etc.)
- Experience with incident response in cloud platforms (AWS, GCP, etc.)
Skills
SOC Analysis, Splunk Enterprise, Linux, EDR