Security Analyst (SOC Level 2)

  • Full Time, onsite
  • Ensign Infosecurity
  • Wilayah Persekutuan Kuala Lumpur, Malaysia
Salary undisclosed

Responsibilities:

• Monitor third party security feeds, forums, and mailing lists to gather information related to the client through automated means

• Produce intelligence outputs to provide an accurate depiction of the current threat landscape and associated risk through the use of customer, community, and open source reporting

• Produce actionable intelligence information for delivery to colleagues and customers in the form of technical reports, briefings, and data feeds

• Review vulnerability advisories

• Review and process threat intelligence reports

• Perform detailed investigative work into all traffic anomalies against established, historical baselines of individual agencies; review and profile the events of all monitored clients

• Assess each event based on factual information and wider contextual information available

• Review, propose and generate reports to automate or reduce low value event escalations

• Build rules and intelligence to detect such threats and proliferate them to all monitored networks

• Implement and devise detection methods for such threats in our security operations through SIEM rules, DB scripts, etc.

• Perform periodic analysis of security events, network traffic, and logs to engineer new detection methods, or create efficiencies when available

• Support the development of tactics, techniques, and procedures for proactive threat hunting and analysis against the available information sources (e.g. Netflow, DNS and firewall logs)

• Assist the Security Analysts with investigative work

• Prepare training programmes for Security Analysts and conduct knowledge sharing sessions for them

• Fulfil Change Requests and Service Requests, and respond to internal / external enquiries regarding detection use cases

• Any other tasks as assigned

Requirements:

• Degree holder with at least 5 years of experience in a related field and capacity

• Prior experience working in a Security Operations Centre (SOC) or Computer Emergency Response Team (CERT/CIRT)

• Deep interest in open source research and critical thinking / contextual analysis abilities

• Investigative and analytical problem solving skills

• An understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security

• A related professional cyber security certification, such as GCIA or CEH, is preferred

• Experience with intelligence analysis processes, including Open Source Intelligence (OSINT) and closed source intelligence gathering, source verification, data fusion, link analysis, and threat actor

• Ability to research and characterize security threats to include identification and classification of threat indicators