The incumbent will primarily be responsible for categorizing identified cyber security threats and incidents and for conducting in-depth analysis of the risk profile of those threats, reporting to the management team for further action.
He/she is the escalation point for the L1 SOC Analyst for any identified potential anomalies and will perform in-depth investigation into them.
Key Responsibilities
Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information
Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
Determine the appropriate course of action in response to identified and analyzed anomalous network activity
Determine tactics, techniques, and procedures (TTPs) for intrusion sets, and determine the effectiveness of an observed attack
Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
Monitor and review audit logs from security sources, such as SIEM, applications, and cloud services, for the usage of privileged IDs and their activities, to ensure compliance with security policies
Lead and support incident or event escalations or reviews escalated by T1 Analysts, ensuring that escalations are handled within agreed SLAs
Administer and upkeep SIEM tools and solutions (e.g. BeyondTrust, TPAM, Tenable)
Manage the privileged ID user access matrix
Liaise with vendors on upcoming projects/upgrades, and support and oversee the proper deployment, configuration, and functioning of systems post-implementation
Work with auditors and track audit items assigned to the team
Requirements
Diploma or degree in Computer Science, Information Systems or related disciplines
At least 3 years of working experience in IT Security Operations environment
Experience monitoring security information and event management (SIEM) systems and tools (e.g. McAfee, Security Analytics, LogRhythm, Tripwire, and Tufin)
Experience working with firewalls, IPS and IDS, and handling IT security incidents
Experience with, or knowledge of, cloud services such as AWS
Knowledge of current security events and a demonstrated passion to stay informed of current industry trends
Knowledge of regulatory requirements such as MAS Technology Risk Management.
Seniority level: Not Applicable
Employment type: Full-time
Job function: Information Technology
Industries: Financial Services
Referrals increase your chances of interviewing at NETS by 2x