CSOC Analyst L2

Job Responsibilities Responsible to triage operating system related cyber security incidents as a member of Security Operations Center incident responders’ team second line.

Performs deep-dive incident analysis by correlating data from various sources; determines if a critical system or data set has been impacted; advises on remediation; provides support for new analytic methods for detecting threats.

• Proactively monitoring the operating systems alert queue using multiple tools, such as SIEM, EDR and custom-built system monitoring tools.
• Conducting triage of alerts to identify potential, false positives, policy violations, intrusion attempts and compromises on the system level.
• Consolidating data from alert triage to provide context necessary to escalate Tier 3 Analyst.
• Escalate to Tier 3 Analyst with all necessary data for deeper analysis and review.
• Collecting evidence on operating system level for Incident analysis.
• Advises on remediation.
• Supporting operating system related security controls management.
• Supporting operating system related threat detection analytics.

Should have good knowledge of security tools and skills as follows:

• Knowledge about MS Windows and UNIX based systems
• Knowledge TCP/IP version 4 and version 6
• Manual testing skills
• Automation testing skills
• Technical writing skills
• Problem solving skills and attention for detail
• Malware analysis sandboxing solution, Security Event and Incident Monitoring System (SIEM), Orchestration tool and playbook response concept, Endpoint Detection and Response tool (EDR), Anti-malware systems, Intrusion Detection and Prevention Systems, Firewalls.

Required Industry Certificates

• ECC CEH – Certified Ethical Hacker – in good standing
• some of SANS, GIAC, ISACA, (ISC)2 certificates or trainings – in good standing

Recommended Industry Certificates

• SANS, GIAC, ISACA, (ISC)2