ROLE PURPOSE
The Security Operations Centre will provide defence against security breaches and actively isolate and mitigate security risks. The Tier 3 SOC Analyst forms part of the security operations centre SOC team. The SOC Team will identify, analyse, and react to cyber security threats using a reliable set of processes and security technologies. The SOC Team includes the SOC Manager, SIEM Platform Manager, Case Manager, Tier 1 SOC Analysts, Tier 3 SOC Analyst, and Security Engineers. They work with IT operational teams to address security incidents and events quickly. The SOC Team will provide a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident.

ROLE AND DELIVERY RESPONSIBILITIES:
The job role includes actively participating in the incident detection process as follows:

  • Possesses in-depth knowledge of network, endpoint, threat intelligence, forensics and malware reverse analysis, as well as the functioning of specific applications or underlying IT infrastructure
  • Acts as an incident “hunter,” not waiting for escalated incidents
  • Closely involved in developing, tuning, and implementing threat detection analytics
  • Acts as the escalation for Tier 1 and 2 SOC Analysts
  • Responds to and oversees the remediation of a declared security incident
  • Completes the Root Cause Analysis Report for P1 to P4
  • Provides guidance to Tier 1 and 2 SOC Analysts
  • Acts as Team Leader of Tier 1 and 2 SOC Analysts
  • Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack
  • Monitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the SOC Manager
  • Makes recommendations to the SOC Manager
  • Oversees the analysis on running processes and configs on affected systems
  • Undertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted
  • Oversees the containment and recovery
  • Oversees the deep-dive incident analysis by correlating data from various sources
  • Validates if a critical system or data set has been impacted
  • Provides support for analytic methods for detecting threats
  • Conducts advanced triage based on defined run books of alerts
  • Undertakes threat intelligence research if need be
  • Validates false positives, policy violations, intrusion attempts, security threats and potential compromises
  • Undertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessary
  • Further analyses alarms by method (e.g. compromised credentials) and by asset class
  • Based on the correlation rules and alarms within the SIEM and run books, further analyses anomalous tactics using the MITRE ATT&CK framework
  • Hunts for threats via advanced EDR features with IOC and YARA indicators – across Windows, macOS, and Linux systems
  • Analyses event and process metadata in real time or retrospectively, and identifies suspicious files/scripts seen for the first time
  • Closes tickets in the SIEM platform (these are created automatically in ServiceNow)
  • Manages security incidents using the SIEM platform and defined operational procedures
  • Performs further investigation of potential incidents, and escalates or closes events as applicable
  • Validates investigation results, ensuring relevant details are passed on to Tier 2 SOC Level 2 for further event analysis
  • Closes out deeper analysis and review activities
  • Assists senior SOC staff with operational responsibilities

KEY PERFORMANCE INDICATORS
KPIs

  • SIEM Security Appliance Operations Management
  • Support and Administration
  • Policy Management
  • Platform Monitoring
  • Standard Reporting
  • Service Level Management
  • Administration and configuration of various security platforms, including policy configuration
  • Integration of security platforms with the SIEM, and participation in security incident and event investigations and remediation
  • Maintain and Secure Active Directory
  • Create and Maintain GPOs
  • Ensure IT policies are met with regards to data security and integrity
  • Ensure IT policies are met with regards to network security
  • Maintain and Manage Azure Active Directory Connect
  • Maintain and Manage Active Directory Federation Services (ADFS)
  • Monitoring of Active Directory and Domain Controllers

PERSON REQUIREMENTS
EXPERIENCE

  • Strong knowledge and experience working with SIEM solutions (QRadar, McAfee ESM, Azure Sentinel)
  • 3 to 5 years’ experience in IT Infrastructure Support, and a further 2 to 3 years’ track record as a Tier 3 SOC Analyst or Threat Hunter (Red Teaming) in an established SOC
  • Advanced knowledge of network technologies (protocols, design concepts, access control)
  • Advanced knowledge of various security technologies (firewalls, web gateway, endpoint protection, vulnerability management, network infrastructure, etc.)
  • Advanced IT infrastructure technical and problem-solving skills
  • Good experience working with Mimecast
  • Good experience working with Cofense PhishMe
  • Good experience working with Nessus or Qualys
  • Good understanding of the MITRE ATT&CK framework
  • Good understanding of the ITIL framework
  • Good report writing skills (Power BI or QlikView)
  • Highly proficient with a support ticketing system, with experience in meeting SLA targets
  • Familiarity with risk management and quality assurance control
  • Excellent interpersonal skills and professional demeanor
  • Excellent verbal and written communication skills
  • Candidate must be eligible to obtain National Security Clearance

QUALIFICATIONS

  • Grade 12
  • SIEM Technology certification
  • MCSE, MCSA
  • ITIL Foundation qualification
  • Degree or Diploma in Computer Technology
  • CompTIA A+, Network+, Security+
  • CCNA or equivalent
  • CompTIA CySA+ and CASP+ advantageous

ADDITIONAL SKILLS/ATTRIBUTES

  • Advanced Microsoft Excel experience, specifically data interpretation
  • Good understanding of IT infrastructure
  • A high command of the English language, both written and verbal, is essential
  • Self-motivated with the ability to work unsupervised
  • Attention to detail
  • Punctuality
  • Excellent verbal and written communication skills
  • Ability to remain flexible and adapt to changing priorities with promptness, efficiency, and ease
  • Possess proficient analytical and decision-making skills
  • Demonstrated capacity for gathering and scrutinizing data to identify issues, opportunities, and patterns
  • Proficient relationship-building skills: anticipates customer needs and responds accordingly
  • A strong service-oriented (‘can-do’) culture, with a strong focus on the ‘internal customer’ approach and a commitment to exceeding customer expectations
  • Good communicator with the customer environment
  • Dynamic but aware of the views and feelings of others
  • Able to operate as a good team player
  • Drive and Energy
  • Demonstrate clear purpose, enthusiasm, and commitment

Desired Skills:

  • SOC Analyst Tier 3
