Soc Analyst

Role & responsibilities

• SIEM engineer with Experience in Azure Sentinel and KQL is preferred
• Good knowledge of SIEM, SIEM Architecture, SIEM health check.
• Troubleshoot incidents using SIEM and other SOC tools.
• EDR/XDR tool experience and good knowledge on triaging malware alerts.
• Good analytical and decision-making skills on whitelisting/blacklisting any IOCs.
• Create use cases for various log sources.
• Archive data, backup and data purge configuration as per need and compliance.
• Logging change management tickets for SOC Administration activities like Patch upgrade for SIEM, onboarding log sources etc.
• Helping L2 and L1 with required knowledge base details and basic documentation.
• Co-ordination with L2 and SOC Monitoring team for troubleshooting issues and highlighting them to clients for further resolution and escalation.
• Escalate critical issues to the appropriate level, to avoid any adverse impact of risk on the business.
• Assisting Team by providing support in critical needs to take effective decisions in limited time span.
• High ethics, ability to protect confidential information.
• Troubleshooting at device and connector/agent end to fix the anomaly reported by another team and observed on day-to-day basis.
• Building of incident reports, advisories, and review if SLA has been met for Incident alerting and Incident closure.
• Update and maintain SOC knowledge base for new security incidents and docs.
• Creation of daily status report sheet and submit to SOC manager for review.
• Review advisories and make necessary detection measures.
• Troubleshooting non-reporting devices fix and maintain device status.
• Working with OEM (Tool support) in a way to resolve the issue or incident raised.
• Administration of Windows and Unix servers.
• Building Parser for the SIEM using regex.
• SOP creation & validation for the use cases.