SOC L2 Engineer

JOB DESCRIPTION

• Provide Incident Response (IR) support when analysis confirms actionable incident
• Provide threat and vulnerability analysis as well as security advisory services
• Assist Entry-Level SOC analysts to help them build stronger skills
• Review layer 1 analysts ticket queue, review tickets, closure or reassignment as needed
• Create/review/modify documentation as needed, to include any process or procedure and thus ensure it’s up to date and standard
• Daily/Weekly/Monthly  SOC Reports.
• Perform basic forensics tasks
• Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems
• Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats
• Provide recommendations in tuning and optimization of security systems, SOC security process, procedures and policies
• Define, create and maintain SIEM correlation rules, customer build documents, security process and procedures.
• Staying up-to-date with emerging security threats including applicable regulatory security requirements

REQUIREMENTS

• Excellent oral and written communications in English
• Ability to successfully handle multiple priorities simultaneously is required.
• Capable of meeting and exceeding Service Level Agreements (SLAs) as required per customer requirements
• Demonstrated skills in digital investigations including: computer forensics, network forensics, malware analysis and memory analysis
• Ability to analyze data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents
• Strong knowledge of IT including multiple operating systems and system administration skills (Windows, Solaris, Unix)
• Strong understanding of security incident management, malware management and vulnerability management processes
• Security monitoring experience with one or more SIEM technologies –IBM QRadar, LogRhythm, Splunk and intrusion detection and prevention technologies
• Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP
• A Bachelor's Degree / Diploma in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering
• Experience with scripting (Bash/Python).
• Minimum 4 years of experience in the field of IT Security having information Security for handling SIEM/Firewall/IPS/WAF/any other in-scope solutions.
• Valid certification for either CEH/ECIH/CHFI/Any SIEM Technical Certification/Any Firewall Technical Certification/or any other industry-related certificate.
• IBM Qradar certification (Admin/Analyst).
• Experience with SOAR technology is preferred.