Role Description
Role Proficiency: Serve as the first point of contact for cyber security incident escalations and investigations. Work with different teams to improve the service the SOC provides to clients around the globe.
Outcomes
- React to cyber security incident escalations from L1 or the customer within the defined SLA, with proper investigation
- Analyze L1 processes and create new processes relevant to the service
- Analyze L1 requests for SIEM rule tuning and suggest relevant changes
- Perform trend analysis on collected data (alerts and incidents) and on detection rule coverage
- Provide training for L1 on new technologies and tools
- Work with different teams (SIEM, L1, TAM, etc.) to provide the required service to customers
- Perform reviews of handled alerts
Measures Of Outcomes
- Accurate daily review of all alerts handled by L1
- Reply to escalations on time, based on the defined SLA
- Number of false positive detections reduced
- Percentage of threats that are blocked, detected and reported
Outputs Expected
Advanced incident investigations:
- Investigate incidents escalated from the previous layer
- Extend the investigation into the customer's security tools
Review And Improve Work And Processes In L1 Team
- Perform a daily review of L1 activity (closed and escalated alerts/incidents) to validate that investigations meet the required quality and that decisions are correct
Improve SOC Detection And Monitoring Service
- Analyze the detection rules triggered in the SIEM solution to reduce the false positive rate and improve detection quality
Skill Examples
- SIEM, IPS, WAF, etc.
- Fast self-learning
- Good analytic skills
- Good soft skills (verbal and written)
- Presentation skills (verbal)
- Programming languages such as C, C#, Python, Perl, Java, PHP and Ruby on Rails
Knowledge Examples
- Experience as a SOC analyst or in a parallel cyber security role
- Good knowledge of the cyber security area: understanding attack methods and tools, understanding attack vectors, familiarity with defence methodology, and staying current on trends in cyber
- Experience in defining incident handling guidelines
Additional Comments
Job Summary: We are seeking a highly skilled and proactive Senior SOC Analyst to join our team and manage our cybersecurity defense capabilities. The ideal candidate will have hands-on expertise in IBM QRadar SIEM, UEBA, Deception technologies, SOC Radar (or similar DRP tools) and SOC operations, along with a strong command of Python scripting. This role is responsible for end-to-end threat detection, investigation, response and mitigation across the enterprise, with an additional focus on Dark Web and Brand Protection monitoring, SIEM integration and validation and proactive threat hunting. The analyst will work closely with cross-functional stakeholders to ensure timely remediation of threats and resolution of anomalous activities. The selected resource will also be actively involved in evaluating and implementing Proof of Concept (PoC) solutions and supporting the rollout of new security technologies and integrations within the environment. Python scripting experience is mandatory for automating detection use cases, integrating disparate security tools and optimizing SOC workflows.
________________________________________
Key Responsibilities:
SIEM Management & Integration:
- Monitor and manage the integration and validation of all enterprise infrastructure (servers, endpoints, databases, applications, cloud workloads and security tools) with IBM QRadar SIEM.
- Ensure comprehensive and accurate log ingestion from all critical assets.
- Develop and tune correlation rules, dashboards and custom detection use cases.
- Maintain and document all log source integrations and ensure ongoing operational health.
Security Monitoring & Incident Handling:
- Actively monitor alerts and offenses generated by QRadar, SOC Radar, UEBA and Deception technologies.
- Investigate and analyze suspicious behavior and escalate legitimate threats.
- Coordinate with internal teams and stakeholders (IT, App, Infra, Risk, Compliance) to validate and remediate threats or abnormal activity.
- Lead incident response, documentation and reporting for confirmed incidents.
Dark Web & Brand Monitoring (SOC Radar):
- Use SOC Radar (or similar tools) to detect brand abuse, credential leaks, phishing campaigns, data exposure and executive impersonation.
- Validate and enrich findings with internal context, then coordinate with stakeholders for mitigation and takedown efforts.
UEBA & Deception Monitoring:
- Analyze behavioral anomalies and deceptive signals to detect insider threats, compromised accounts, or lateral movement.
- Investigate findings from UEBA and deception systems and take appropriate remediation steps in coordination with relevant business units.
Threat Hunting & Automation:
- Conduct proactive threat hunts based on IOCs, TTPs, threat actor activity, and behavioral patterns.
- Leverage Python scripting for automation, enrichment, correlation and tool integration to improve efficiency and detection fidelity.
- Contribute to the development of internal scripts and tools to streamline security operations.
Core Responsibilities
- 24/7 Incident Response: Immediate support during security breaches with a 1-hour SLA
- Threat Containment & Root Cause Analysis: Isolate malicious activity, identify breach sources, and assess impact
- Forensic Investigations: Conduct static and dynamic malware analysis, sandboxing, and IOC (Indicators of Compromise) identification
- Incident Classification & Prioritisation: Evaluate scope, impact, and criticality to determine escalation paths
- Reporting: Generate detailed incident reports including timelines, compromised assets, MITRE TTPs, and recommendations
Team Coordination
- Collaborate with CTI Analysts, SOC Specialists, and Threat Hunters to execute response plans
- Liaise with clients for DFIR activation and updates
Duties & Responsibilities
- Monitor network/system logs for suspicious activity.
- Investigate alerts and perform digital forensics.
- Develop and execute incident response plans.
- Coordinate with IT/security teams to contain threats.
- Document incidents and maintain response databases.
- Conduct post-incident reviews and recommend improvements.
________________________________________
Required Skills & Experience:
- Minimum 5 years of experience in a SOC, Threat Intelligence, or Cybersecurity Analyst role.
- Proven hands-on experience with IBM QRadar SIEM (log integration, AQL, custom rules).
- Strong experience with SOC Radar or similar DRP/Digital Risk Protection platforms.
- Deep understanding and practical usage of UEBA and Deception technologies.
- Python scripting expertise is mandatory – ability to write scripts for automation, threat analysis, and system integrations.
- Strong grasp of MITRE ATT&CK, cyber kill chain, and advanced threat actor tactics.
- Excellent incident analysis, communication, documentation, and stakeholder management skills.
________________________________________
Preferred Qualifications:
- Industry certifications such as GCIA, GCIH, CEH, CISSP, CyS
Skills
Incident Response, Cybersecurity, MITRE Framework