■ Investigate incoming events using SOC-available tools.
■ Ensure events are addressed in a timely manner using available reporting and metrics.
■ Approve and, if necessary, further investigate escalated events.
■ Mentor analysts to improve detection capability within the SOC.
■ Manage SOC events and information intake to include gathering intelligence reports, monitoring ticket queues, investigating reported incidents, and interacting with other security and network groups as necessary.
■ Serve as detection authority for initial incident declaration.
■ Function as the shift subject-matter expert on incident detection and analysis techniques, providing guidance to junior analysts and making recommendations to organizational managers.
■ Drive and monitor shift-related metrics processes, ensuring applicable reporting is gathered and disseminated per SOC requirements.
■ Conduct security research and intelligence gathering on emerging threats and exploits.
■ Serve as a backup analyst for any potential coverage gaps to ensure business continuity.
- Expert Knowledge of Security Information and Event Management (SIEM)
- Good Knowledge of TCP/IP, computer networking, routing, and switching
- Good Knowledge of firewalls and intrusion detection/prevention systems
- Good Knowledge of Windows, UNIX, and Linux operating systems
- Good Knowledge of network protocols and packet analysis tools
- Knowledge of IDS/IPS Technologies
- Knowledge of Penetration and vulnerability testing
- Knowledge of DLP, anti-virus, and anti-malware
- Knowledge of at least one programming language
- Knowledge of Cloud computing
- Knowledge of SaaS models
- Good Knowledge of Incident Handling
- Good Knowledge of SQL and Oracle databases
- Knowledge of Malware Analysis
- Knowledge of Forensics and Evidence Analysis
- Knowledge of Threat Hunting
- Knowledge of Deception Technology
- Strong analytical and problem-solving skills
- Self-driven and highly motivated
- Ability to work independently and in a team environment
- Be a self-starter, self-motivated and self-directed.
- Proven to be detail-oriented and able to draw on many different resources.
- Must be able to multi-task and work with numerous projects and tools.
The preferred candidate should have at least one of the following:
- Cyber Security Analyst in a SOC (Security Operations Center): more than 3 years of experience
- OSINT Intelligence Analyst: more than 1 year of experience
- Red Team member: more than 3 years of experience
- Network Administrator: more than 5 years of experience
- System Administrator: more than 5 years of experience