Soc Analyst

TechMBS Security Operations Centre Information Security Analyst L1

Job Summary:

The Security Operation Centre (SOC) Information Security Analyst – L1 is the first level of monitoring in the SOC. The position monitors and responds to security events from managed customer security systems as part of a team on a rotating 24 x 7 x 365 basis.

Your background should include exposure to security technologies including firewalls, IPS/IDS, logging, monitoring and vulnerability management. You should have an understanding of network security practices. Excellent customer service while solving problems should be a top priority for you. Scalar is a fast-paced, entrepreneurial environment so to be successful you’ll need to be a pro-active individual, take direction well, communicate succinctly and collaborate effectively.

• To detect Incidents by monitoring the SIEM console, Rules, Reports and Dashboards.
• To Monitor the SIEM console resources to identify any anomalies.
• To report the incident to the concerned team along with the SOC.
• To escalate the incident whenever the SLA's are not met.
• To monitor the health of the SIEM tool.
• To assist SOC Analyst in incident workflow.
• To assist SOC team in incident detection and resolving.
• To communicate with external teams in proper incident resolution.
• The security analyst L2 monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier 2 information security specialists, and/or customer as appropriate to perform further investigation and resolution.
• Participate in security incident management and vulnerability management processes
• Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats
• Communicate effectively with customers, teammates, and management
• Follow ITIL practices regarding incident, problem and change management
• Document and maintain customer build documents, security procedures and processes.
• Staying up-to-date with emerging security threats including applicable regulatory security requirements.
• Other responsibilities and additional duties as assigned by the security management team

Qualifications:

candidates will have as much of the following

• Minimum 2 years’ experience working in a large-scale IT environment with focus on Information Security.
• Experience in IT/IT Security
• Experience in operating SIEM product
• High-level understanding of TCP/IP protocol and OSI Seven Layer Model.
• Knowledge of security best practices and concepts.
• Knowledge of Windows and/or Unix-based systems/architectures and related security.
• Intermediate level of knowledge of LAN/WAN technologies.
• Must have a solid understanding of information technology and information security.
• Detail oriented with strong organizational and analytical skills
• Strong written communication skills Ideal and presentation skills
• Self-starter, critical and strategic thinker
• Good knowledge of IT including multiple operating systems and system administration skills (Windows, Linux)
• Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products
• Strong understanding of security incident management, malware management and vulnerability management processes
• Security monitoring experience with one or more SIEM technologies and intrusion detection technologies
• Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, LDAP
• Excellent English written and verbal skills.

  Role & responsibilities

Preferred candidate profile