SOC Analyst Tier 3

Date: 2022-04-04

ROLE PURPOSE

The Security Operations Centre will provide defence against security breaches and actively isolate and mitigate security risks. The Tier 3 SOC Analyst forms part of the Security Operations Centre (SOC) team. The SOC Team will identify, analyse, and react to cyber security threats using a reliable set of processes and security technologies. The SOC Team includes the SOC Manager, SIEM Platform Manager, Case Manager, Tier 1 SOC Analysts, Tier 3 SOC Analyst, and Security Engineers. They work with IT operational teams to address security incidents and events quickly. The SOC Team will provide a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident.

ROLE AND DELIVERY RESPONSIBILITIES:

The job role includes actively participating in the incident detection process as follows:

Possesses in-depth knowledge of network, endpoint, threat intelligence, forensics and malware reverse analysis, as well as the functioning of specific applications or underlying IT infrastructure

Acts as an incident “hunter,” not waiting for escalated incidents

Closely involved in developing, tuning, and implementing threat detection analytics

Acts as the escalation for Tier 1 and 2 SOC Analysts

Responds to and oversees the remediation of a declared security incident

Completes the Root Cause Analysis Report for P1 to P4

Provides guidance to Tier 1 and 2 SOC Analysts

Acts as Team Leader of Tier 1 and 2 SOC Analysts

Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack

Monitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the SOC Manager

Makes recommendations to the SOC Manager

Oversees the analysis of running processes and configurations on affected systems

Undertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted

Oversees the containment and recovery

Oversees the deep-dive incident analysis by correlating data from various sources

Validates if a critical system or data set has been impacted

Provides support for analytic methods for detecting threats

Conducts advanced triage based on defined run books of alerts

Undertakes threat intelligence research if need be

Validates false positives, policy violations, intrusion attempts, security threats and potential compromises

Undertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessary

Further analyses alarms by method (e.g. compromised credentials) and by asset class

Based on the correlation rules and alarms within the SIEM and run books, further analyses anomalous tactics using the MITRE ATT&CK framework

Hunts for threats via advanced EDR features with IOC and YARA indicators – across Windows, macOS, and Linux systems

Analyses event and process metadata in real time or retrospectively, and identifies suspicious files/scripts seen for the first time

Closes tickets in the SIEM platform – these are automatically created in ServiceNow

Manages security incidents using the SIEM platform and defined operational procedures

Performs further investigation of potential incidents, and escalates or closes events as applicable

Validates investigation results, ensuring relevant details are passed on to Tier 2 SOC Analysts for further event analysis

Closes out deeper analysis and review activities

Assists senior SOC staff with operational responsibilities

KEY PERFORMANCE INDICATORS

KPIs

SIEM Security Appliance Operations Management

Support and Administration

Policy Management

Platform Monitoring

Standard Reporting

Service Level Management

Various Security platforms administration and configuration, policy configuration

Security platforms with SIEM integration and participate in the security incident and event investigations and remediation

Maintain and Secure Active Directory

Create and Maintain GPOs

Ensure IT policies are met with regard to data security and integrity

Ensure IT policies are met with regard to network security

Maintain and Manage Azure Active Directory Connect

Maintain and Manage Active Directory Federation Services (ADFS)

Monitoring of Active Directory and Domain Controllers

PERSON REQUIREMENTS

EXPERIENCE

Strong knowledge and experience working with SIEM solutions (QRadar, McAfee ESM, Azure Sentinel)

3 to 5 years’ experience in IT Infrastructure Support, and a further 2 to 3 years’ track record as a Tier 3 SOC Analyst or Threat Hunter (Red Teaming) in an established SOC

Advanced knowledge of network technologies (protocols, design concepts, access control)

Advanced knowledge of various security technologies (firewalls, web gateway, endpoint protection, vulnerability management, network infrastructure, etc.)

Advanced IT infrastructure technical and problem-solving skills

Good experience working with Mimecast

Good experience working with Cofense PhishMe

Good experience working with Nessus or Qualys

Good understanding of the MITRE ATT&CK framework

Good understanding of the ITIL Framework

Good report writing skills (Power BI or QlikView)

Brilliant with a support ticketing system and experience in meeting SLA targets

Familiarity with risk management and quality assurance control

Excellent interpersonal skills and professional demeanor

Excellent verbal and written communication skills

Candidate must be eligible to obtain National Security Clearance

QUALIFICATIONS

Grade 12

SIEM Technology certification

MCSE, MCSA

ITIL Foundation qualification

Degree or Diploma in Computer Technology

CompTIA A+, N+, S+

CCNA or equivalent

CompTIA CySA+ and CASP+ advantageous

ADDITIONAL SKILLS/ATTRIBUTES

Advanced Microsoft Excel experience, specifically data interpretation

Good understanding of IT infrastructure

A high command of the English language, both written and verbal, is essential

Self-motivated with the ability to work unsupervised

Attention to detail

Punctuality

Ability to remain flexible and adapt to changing priorities with promptness, efficiency, and ease

Possess proficient analytical and decision-making skills

Demonstrated capacity for gathering and scrutinizing data to identify issues, opportunities, and patterns

Proficient relationship-building skills – predict customer behaviour and respond accordingly

A strong service-oriented (‘can-do’) culture, with a strong focus on the ‘internal customer’ approach, committed to exceeding customer expectations

Good communicator with the customer environment

Dynamic but aware of the views and feelings of others

Able to operate as a good team player

Drive and Energy

Demonstrate clear purpose, enthusiasm, and commitment

Desired Skills:

