Position Summary
The incumbent will primarily be responsible for categorizing identified cyber security threats and incidents, conducting an in-depth analysis of the risk profile of those threats, and reporting the findings to the management team for further action.
He/she is the escalation point for the L1 SOC Analyst for any identified potential anomalies and will perform an in-depth investigation into them.
Key Responsibilities
- Analyze identified malicious activity to determine the weaknesses exploited, the exploitation methods used, and the effects on systems and information
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Determine the appropriate course of action in response to identified and analyzed anomalous network activity
- Determine the tactics, techniques, and procedures (TTPs) of intrusion sets and assess the effectiveness of an observed attack
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Monitor and review audit logs from security sources such as SIEM, applications, and cloud services for the usage of privileged IDs and activities, to ensure compliance with security policies
- Lead and support incident or event escalations and reviews raised by T1 Analysts, ensuring that escalations are handled within agreed SLAs
- Administer and maintain SIEM tools and solutions (e.g. BeyondTrust, TPAM, Tenable)
- Manage the privileged ID user access matrix
- Liaise with vendors on upcoming projects and upgrades, and support and oversee the proper deployment, configuration, and functioning of systems post-implementation
- Work with auditors and track audit items assigned to the team
Requirements
- Diploma or degree in Computer Science, Information Systems or related disciplines
- At least 3 years of working experience in an IT Security Operations environment
- Experience monitoring security information and event management (SIEM) systems and tools (e.g. McAfee, Security Analytics, LogRhythm, Tripwire, and Tufin)
- Experience working with firewalls, IPS, and IDS, and handling IT security incidents
- Experience or knowledge of working with cloud services such as AWS
- Knowledge of current security events and a demonstrated passion to stay informed of current industry trends
- Knowledge of regulatory requirements such as MAS Technology Risk Management.