Analyst - SOC Monitoring

Job Purpose

To monitor, detect, analyze, and respond to security incidents and threats in an organization’s information systems and network infrastructure. You aim to protect sensitive data, uphold network security, and maintain organizational compliance with industry regulations and standards. By utilizing cutting-edge security tools, techniques, and procedures, the SOC analyst plays a critical role in preventing, mitigating, and resolving cyber threats, ensuring the overall security of the organization’s digital environment.

Job Responsibilities

Key Focus

Key Activities

Key Responsibilities:

• Examine network topologies to understand data flow through the network.
• Use SOC tools to monitor and analyze system activity to identify malicious activity continually.
• Identify network mapping and operating system fingerprinting activities.
• Continuously monitor the SIEM events/alerts to identify any anomalies.
• Perform event correlation using information from various sources within the organization to gain situational awareness and determine the effectiveness of observed attacks.
• Detect Incidents by monitoring the SIEM console, Rules, Reports, and Dashboards.
• Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, distinguishing these incidents and events from benign ones.
• Report the confirmed incident as per the Incident management process.
• Notify the Senior SOC Analyst on suspected/anomaly events for further analysis.
• Document and escalate incidents (including the event’s history, status, and potential impact for further action) that may cause an ongoing and immediate impact on the environment.
• Monitor the health of the SIEM tool and report any issues/incidents/malfunctions to the SOC SIEM administrator.
• Assist Senior SOC Analysts and security specialists in incident investigation and workflow.
• Assist the Senior SOC Analyst and internal team in incident detection and resolution.
• Communicate and provide necessary information to external teams for timely incident resolution.
  
  

Skills and knowledge:

• High-level understanding of TCP/IP protocol and OSI Seven Layer Model.
• Knowledge of security best practices and concepts.
• Knowledge of Windows and/or Unix-based systems/architectures and related security.
• Intermediate level of knowledge of LAN/WAN technologies.
• Must have a solid understanding of information technology and information security.
• Good understanding of defense-in-depth analysis techniques.
• Knowledge of log monitoring, analysis, and correlations.
• Knowledge of Incident detection, reporting, and responding.
• Understanding of security threats and vulnerabilities.
• Ability to use SIEM console to create/analyze Rules, Reports, and Dashboards.
• Sound knowledge of the functioning of IPS.
• Intermediate knowledge of using common security products like SIEM, IPS, Antivirus, File Integrity Monitoring, and DLP.
  
  

Characteristics:

• Highly result oriented and able to work independently.
• Good analytical, technical, written, and verbal communication skills.
• Ability to multi-task in a fast-paced and demanding work environment.
• Strong team player.
• Comfortable with a high-tech work environment and constantly learning new tools and innovations.
• Flexibility to work all shifts and willingness to assist the team with overtime.
• Self-motivated, curious, and knowledgeable about information security news and current events.
  
  

AOR (Any Other Responsibilities)

• Any other responsibilities as required by the Line Manager
  
  

Job Specifications

Certifications (Technical & Non-Technical)

• CompTIA Security+
• EC-Council Certified Ethical Hacker (CEH)
  
  

Minimum Work Experience

• Minimum of 4+ years’ relevant experience or working in a large-scale ICT environment focusing on Information/Cyber Security.
  
  

Education

• Bachelor’s degree in engineering, computer science, information systems, or any other quantitative field.