Role: SOC Analyst L2 / L1
Reporting to: SOC Manager / Lead
Qualifications / Skills:
• Full Time Graduate (MANDATORY).
• 3-5 years of experience in the Information Security domain.
• Experience in Security Operations Centre operations with a good understanding of SIEMs such as ArcSight / QRadar / Splunk / ELK (QRadar experience is required).
• Good understanding of networking (LAN / WAN / Wi-Fi / VPN), security solutions such as IDS / IPS, firewalls, proxies, DLP, WAF and anti-DDoS tools, and operating systems and databases (Windows / Linux, SQL, Syslog).
• Aware of malware / APT operations and has participated in Red / Blue / Purple team simulations.
• CEH, CCNA or a SIEM product certification would be an added advantage.
• Good analytical and technical skills.
Key Responsibilities / Activities:
• Administration and maintenance of the SIEM platform and its components.
• Monitoring of security incidents in 24x7 rotational shifts.
• Monitor the health of SIEM components and raise incidents for the support team to action.
• Triage events as described in the SOPs and automate analysis where possible.
• Escalate incidents to the SOC lead as per the SOPs.
• Ensure incidents are handled within SLA.
• Track incidents to closure as per the SOP.
• Escalate non-standard incidents to the SOC Lead.
• Highlight gaps in SOPs to the SOC lead.
• Generate reports as per the defined templates and frequency.
• Provide shift handover reports as per the defined template.
• Create and review SOPs for incident handling.
• Create report templates in the SIEM tool as defined by the SOC lead.
• Develop and maintain the knowledge base.
• Proactively identify vulnerabilities in the infrastructure and update use cases to generate alerts.
• Perform use case testing and review to retire obsolete use cases.