Analyst - Threat Management

Job Description

We are searching for a Security L2 Analyst who will be responsible for monitoring, reporting, and escalating events to our L3. The primary function of this position is to monitor the analytics tools and perform alert management and initial incident qualification. Console monitoring of the EDR and triaging the alerts in it. This role reports to the Head of Threat management.

Responsibilities

• Investigates deeper on the detected behaviors when an incident is escalated by the SOC level 1 analyst.
• Add context to the incident to understand the behavior, analyzing data from multiple tools and data sources.
• Participates in the crisis management by providing support to the incident handler and the SOC Level 3 analysts.
• Works on the decrease of false positives.
• Analysing and blocking IOC's (Hash, Domain, IP, URL)
• Experience in developing new use cases and fine tuning over EDR tools.
• Performing EDR agent health check and troubleshooting on non-reporting agents.
• Good understanding of IOCs and performing sweep over EDR tools
• Participates in recurrent meetings with the customer as the technical referent.
• Supports the customer for the remediation of incidents.
• Knowledge of TCP/IP, Linux and Windows infrastructures and basic network security architecture concepts.
• Knowledge and understanding of standard & modern attack techniques on applications, systems and networks.
• Closely monitor customers security threats and alerts and collect data to initiate Level 2 escalation within a targeted timeframe.
• Ability to multitask, prioritize and work independently.

Ability to pick up new technology or concepts, quickly.

Essential Skills

• Strong knowledge and hands-on experience in management of EDR, NDR and Proxy gateways.
• Experience in Security Information Event Management (SIEM) tools, ability to perform deeper analysis on incident trigger over EDR tools.
• Good hand-on in troubleshooting agent related issues, deploying new agents.
• Follow ups with vendor for ongoing issues.
• Should have expertise in TCP/IP network traffic and event log analysis.
• Knowledge of ITIL disciplines such as Incident, Problem and Change Management

Additional Desired Skills

• Strong interpersonal and presentation skills
• Ability to work with minimal levels of supervision or oversight
• Adherence to security policies

Education Requirements & Experience

• Bachelors in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent University degree
• Minimum of 1-5 year of experience in the IT security industry, preferably working in a

MSSP SOC environment

• Certifications: CCNA, CEH