Job Description

Role & responsibilities SOC L2 Qradar : Incident Triage and Escalation : Review security alerts and incidents, determine severity, and escalate to the appropriate teams (e.g., L3, incident response) when necessary. Security Monitoring : Leverage SIEM tools like QRadar to actively monitor security events, correlate data, and detect abnormal patterns or potential threats. Root Cause Analysis : Investigate security incidents thoroughly to identify the root cause, using log analysis and threat intelligence to gain deeper insights. Incident Response : Coordinate and contribute to the response efforts during active security incidents, ensuring rapid mitigation and recovery. Threat Hunting : Proactively search for hidden threats within the network, looking for unusual activity or patterns that may indicate compromise or vulnerabilities. Log Analysis : Deep dive into logs (from firewalls, IDS/IPS, endpoints, etc.) to detect suspicious behavior and correlate events for comprehensive insights. False Positive Reduction : Work on refining SIEM alerts to minimize false positives, improving detection efficiency and alert quality. Collaboration with L3 and Other Teams : Communicate findings and assist L3 analysts or other internal teams with deeper investigations and remediation actions. Documentation and Reporting : Accurately document incidents, their findings, and remediation steps, and generate reports for management and stakeholders. Continuous Learning and Improvement : Stay updated on the latest security threats, attack techniques, and tools, and contribute to improving security processes and detection capabilities.