Security Analyst - L2/L3

Note : Preferable Immediate Joiner

Security Analyst - L2

Responsibility:

• Coordinate with associate L1 Analysts 
• Handle all the escalation of associate L1 
• Serve as shift leader and point of escalation for level 1 analysts 
• Provide operational and technical support to the customer 
• Oversee completion of day-to-day checklist(s), including: log review, management report scheduling, alert analysis, and escalation follow up activity status 
• Provide knowledge to L1 to maintain and improve the Operation 
• Ensure all unresolvable cases are passed to the correct team for action as appropriate 
• Support implementation of SOC processes and perform periodic check for compliance 
• Handle configuration and change management of SIEM / Logger. 

Duties:

• Ensure high level of quality when managing tickets, requests and Customer queries 
• Capture requirements of Customer and prepare SIEM Rules, Reports and Dashboards 
• Prepare reports & distribute in readiness for Customer tuning calls 
• Arrange & manage client calls. Take actions accordingly. 
• Create scheduled Customer reporting, from existing reports, whenever appropriate. 

Checklist Task for L2 Analyst:

• Handle all the escalation request of associate L1 
• Verify incident reported by associate L1 analyst 
• Verify Reports made by associate L1 analyst 

Security Analyst L3 :

Responsibility:

• Review all L2 analysts task 
• Works with the customers business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments 
• Integrate new devices as per client guidelines 
• Develops security processes and procedures, and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained 
• Advises security administrators on normal and exception-based processing of security authorization requests 
• Reports to customers management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and non-compliance 
• Works with customer’s IT department and members of the information security team to identify, select and implement technical controls 
• Prepare plan of action to achieve milestone. 
• Knowledge on Log source baseline & log source integration 
• Use cases creation & finetuning. 
• Threat intelligence 
• Incident management  
• Incident response 
• False positive reduction based on incident type. (different type of attacks & incidents) 
• Weekly & monthly reporting 
• Threat hunting 
• Risk & Impact analysis. 

Duties:

• Performs control and vulnerability assessments to identify control weaknesses of existing controls, and recommends remedial action 
• Works with junior staff on deploying, tuning and running vulnerability-scanning and penetration-testing tools 
• Assists security administrators and IT staff in the resolution of reported security incidents 
• Monitors daily or weekly reports and security logs for unusual events 
• Provides status, updates and tracking progress to the enterprise compliance team for reporting purposes 
• Researches new threats and security alerts, and recommend remedial actions. 

Checklist Task for L3 :

• Vulnerability scanning in the environment 
• Monitor unusual events 
• Finding new threats and security alerts 
• Assist resolution to the customer for the reported incident