L2 SOC Analyst

5 - 7 years

0 Lacs

Posted: 1 week ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description

Role Description
L2 SOC Analyst
Experience: 5 to 7 years
Location: Mumbai
Company: CyberProof, A UST Company

About CyberProof
CyberProof is a leading cyber security services and platform company dedicated to helping customers react faster and smarter to security threats. We enable enterprises to create and maintain secure digital ecosystems through automation, threat detection, and rapid incident response. As part of the UST family, we are trusted by some of the world's largest enterprises. Our Security Operations Group is composed of a global team of highly skilled cyber security professionals, with our tier 3-4 expertise rooted in Israeli Intelligence.

Requirements
• 5 years of SOC experience
• Certifications: CEH, CCNA, CCNP or a relevant QRadar certification

SOC Analyst L2
The L2 SOC Analyst is an operational role focused on ticket quality and deeper investigation of security incidents, and is responsible for handling incidents escalated from the Level 1 team within SLA.

Responsibilities
• Work closely with the SOC L1 team, the L3 team and the customer; perform deeper analysis, join daily client calls, and take ownership of handling True Positive incidents on time.
• When L1 escalates an incident, conduct further analysis and, if needed, escalate to the L3 team, or advise L1 team members until the incident is resolved.
• Perform deep analysis of security incidents to identify the full kill chain.
• Perform remediation steps according to the findings, or initiate steps for remediation.
• Prepare RCA for major incidents.
• Handle L2 and above technical escalations from the L1 Operations team and resolve them within SLA.
• Identify security gaps and recommend new rules/solutions to L3/the customer.
• Suggest fine-tuning for existing rules based on high alert counts or wherever required.
• Create and manage the incident handling playbook, process runbooks and ad-hoc documents whenever needed.
• Recommend fine-tuning for existing use cases: logic, threshold and possibly the SIEM query as well.
• Recommend new use cases: logic, threshold and possibly the SIEM query as well.
• Respond to clients' requests, concerns and suggestions.
• Proactively support the L1 team during an incident.
• Perform and review tasks as identified in a daily task list.
• Be ready to work in a 24x7 rotational shift model, including night shifts.
• Incident detection, triage, analysis and response.
• Coordinate with customers on their security-related problems and provide solutions.
• Share knowledge with other analysts on their roles and responsibilities.
• Provide knowledge transfer to L1, such as advanced hunting techniques, guides and cheat sheets.

Knowledge and Experience
• Minimum 5 years of experience in Security Operations.
• Security event monitoring, triage and thorough incident investigation.
• Research and understand log sources for effective security monitoring.
• Isolate issues, respond to incidents and mitigate threats swiftly.
• Adjust SIEM rules for better detection and to match incident specifications.
• Optimize SIEM capabilities, aid in audit/logging, and generate timely reports.
• Conduct vulnerability scans, prioritize findings, and plan remediation.
• Proactively search for suspicious activity through threat hunts.
• Offer valuable threat intelligence to verify security concerns.
• Identify endpoint threats using EDR/AV analysis and Cybereason scans.
• Develop and maintain security operations standards, procedures and playbooks.

Essential Skills
• Knowledge of and hands-on experience with SIEM platforms: Splunk and QRadar.
• Knowledge of and hands-on experience with EDR platforms: CrowdStrike and Cybereason.

Continuous Learning, Innovation and Optimization
• Ensure completion of learning programs as suggested by managers.
• Suggest ideas that will help innovate and optimize processes, and help develop those ideas into proposals.
• Provide suggestions to reduce manual work.

• Strong verbal and written English communication.
• Strong interpersonal and presentation skills.
• Ability to work with minimal supervision.
• Available to work in a 24x7 Security Operations Centre (SOC) environment (shared MSSP).

UST

IT Services and IT Consulting

Aliso Viejo CA

10001 Employees

1845 Jobs

Key People
• Kris Canekeratne, Co-Founder & CEO
• Sandeep Reddy, President
