SOC Analyst L2

Role & responsibilities :

• Proactively prevent, detect and respond to Threat Intelligence to reduce cyber risk at NAIL
• Work with our managed SOC vendor and other internal teams for identifying, and deploying defenses against advanced threats.
• Identify new and dynamic ways to protect NAIL against the evolving threat landscape.
• Analyse event data from various data sources; End Point, Cloud Based, Network.
• Apply knowledge of current and past malware methods, attack methodologies, and TTPs (Tactics, Techniques, Procedures) to discover anomalies and trends within data.
• Understand the Threat Hunting Maturity Model and Threat Hunt Process and apply the MITRE Attack Framework during investigations.
• Conduct research using open and closed source intelligence sources.
• Lead in the capture of attacker techniques, indicators of compromise and objectives, and use the captured information to improve defenses through recommendations for the creation of detection logic.
• Lead investigations using multiple data/intelligence sources and tools to track down and detect cyber threat actors and activity that may have breached our defences.
• Search for security gaps by performing risk assessment, penetration testing, and identifying internal risks.
• Demonstrate technical security expertise in the security incident detection and response and offensive security field.
• Manage the response to complex and high severity security incidents. Responsible for taking decisions and identifying required actions. During high severity security incidents, you will help advise the NAIL CSO on appropriate containment, eradication, and remediation measures. Planning and remediating complex cyber security threats and incidents across the NAIL IT estate without supervision.
• Drive the development of the SIEM security control environment.
• Understand and demonstrate the basic principles of digital forensics as it relates to incident detection and response.
• Develop SOC security incident policies and investigation procedures, for use across multiple information systems and teams, without supervision.
• Analyze, define, and manage the delivery of new SIEM rules through our managed security service provider. Create new custom detection rules using KQL.
• Work with the managed SOC vendor to tune existing rules.
• Produce incident reports and post incident improvement assessments.
• Produce reports for the customer CISO.