Soc Analyst

Responsibilities:

• Monitor security events and alerts using SIEM (Security Information and Event Management) tools, IDS/IPS (Intrusion Detection/Prevention System), and other security monitoring platforms.
• Investigate and analyze security incidents, identifying the root cause, impact, and recommended remediation actions.
• Conduct in-depth analysis of security logs, network traffic, and other relevant data sources to detect and respond to potential threats.
• Perform real-time incident response activities, including containment, eradication, and recovery, following established procedures and guidelines.
• Collaborate with the SOC Level 1 analysts, providing guidance and support in investigating and escalating security incidents.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry best practices to enhance incident detection and response capabilities.
• Assist in the development and implementation of SOC processes and procedures, including incident response plans, playbooks, and escalation protocols.
• Contribute to the continuous improvement of SOC tools and technologies, suggesting enhancements to enhance detection and response capabilities.
• Provide timely and accurate reporting on security incidents, including the analysis of trends and patterns to support proactive security measures.
• Participate in security incident post-mortem reviews to identify areas of improvement and recommend appropriate actions to prevent future incidents.

Qualifications

• Bachelors degree in Computer Science, Information Security, or a related field.
• 2 Years of experience in a Security Operations Center (SOC) or a similar security analyst role with hands-on experience in incident detection, analysis, and response.
• Strong understanding of common security technologies, including SIEM, IDS/IPS, firewalls, antivirus, and endpoint protection systems.
• Familiarity with security frameworks, standards, and best practices (e.g., NIST Cybersecurity Framework, MITRE ATT&CK, ISO 27001).
• Experience in performing log analysis and investigating security events using SIEM tools (e.g., Splunk, ELK Stack, Sentinel, QRadar).
• Knowledge of networking protocols, TCP/IP, and common security vulnerabilities and attack vectors.