SOC Analyst L2

Introduction

Your Role And Responsibilities

• Good knowledge of SIEM, SIEM Architecture, SIEM health check.
• Audit the SIEM in the customer environment.
• Troubleshoot issues regarding SIEM and other SOC tools.
• Good verbal/written communication skills.
• Build of use case for the customer.
• Data archiving and backup and data purging configuration as per need and compliance.
• Raising change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
• Helping L3 and L1 with required knowledge base details and basic documentations.
• Co-ordination SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
• High ethics, ability to protect confidential information.
• Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis.
• Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure.
• Update and maintain SOC knowledge base for new security incidents and docs.
• Creation of daily status report sheet and submit to SOC manager for review.
• Review advisories and make necessary detection measures.
• Provide analysis and trending of security log data from a large number of security devices.
• Troubleshooting non-reporting devices fix and maintain device status.
• Working with OEM (Tool support) in a way to resolve the issue or incident raised.
• Administration of Windows and Unix servers.
• Ready to work on 24/7 shifts to support client requirement.
  

Preferred Education

Required Technical And Professional Expertise

• 2 Years of Experience in SOC monitoring and investigation.
• Audit the SIEM in the customer environment.
• Troubleshoot issues regarding SIEM and other SOC tools.
• Build of use case for the customer.
• Data archiving and backup and data purging configuration as per need and compliance.
• Helping L3 and L1’s with required knowledge base details and basic documentations.
• Co-ordination with SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
• Troubleshooting at device and connector/agent end to fix the anomaly reported by other team and observed on day to day basis.
• Building of incident reports, advisories and review if SLA has been met for Incident alerting and Incident closure.
• Update and maintain SOC knowledge base for new security incidents and docs.
• Creation of daily status report sheet and submit to SOC manager for review.
• Review advisories and make necessary detection measures.\
• Provide analysis and trending of security log data from a large number of security devices.
• Troubleshooting non-reporting devices fix and maintain device status.
• Working with OEM (Tool support) in a way to resolve the issue or incident raised.
• Administration of Windows and Unix servers.
• Building Parser for the SIEM using regex.
  

Preferred Technical And Professional Experience

• Escalation point for L1’s and SOC Monitor team.
• Ability to drive call and summarizing it post discussion.
• Good Understanding of Firewall, IDP/IPS, SIEM functioning (Generalize HLD as well as LLD).
• Deep understanding on Windows, DB, Mail cluster, VM and Linux commands.
• Knowledge of network protocols TCP/IP and ports.
• Team Spirit and working ideas heading to resolution of issues.
• Qualifications like CISA, CISM, CISSP, CEH, SANS or any other recognized qualification in Cybersecurity (SIEM/Qradar certification) will be preferred.
• Thorough knowledge in SIEM tool and experience in networking, Cloud security experience will be preferred.
• SOC Senior Analyst experience with multiple customers.