January 30, 2020

Cyber Security Analyst L2/L3

  • Respond to important information security incidents detected by SIEM system and user-reported incident claims
  • Provide guidance in security countermeasures and containment and remediation to L1 security analysts and other internal teams
  • Discover tactics, techniques and procedures (TTPs) from incident investigations and develop new SIEM use cases for continuous security monitoring
  • Must be able to tackle complex and vague scenarios
  • Initiate threat hunting efforts based on relevant and latest threat intelligence
  • Participate in continuous evaluation of security controls (technology or process) against the current threats
  • Function as shift subject-matter experts (SMEs) on incident detection and analysis techniques, providing guidance to junior analysts and making recommendations to organizational managers
  • Write security incident reports and update security incident metrics
  • Conduct security research and intelligence gathering on emerging threats and exploits
  • Serve as a backup analyst for any potential coverage gaps to ensure business continuity
  • Rotational evening and weekend work hours may be required

Desired Experience and Skills
  • At least 2 years in handling SOC cases using SIEM platforms & log management systems
  • Knowledge in the current tactics, techniques and procedures (TTPs) attackers use to breach an enterprise
  • Case reporting and analytics: Ability to summarize and provide insights
  • Experience in Python or any scripting language (bash, PowerShell)
  • Knowledge in cloud environments (AWS, Azure, GCP)
  • TCAP training and certification
  • ACE 20x training and certification
  • Passed the CyDefe’s SOC Analyst Assessment Level 1 and 2
  • Can communicate ideas clearly and deliver effective presentations
  • Attention to detail and ability to follow rules, guidelines, and processes
  • Must be available to work on-call or off hours as needed to sustain operations
  • Experience with computer forensics and incident response tools, and with the other open-source security tools found in the SANS SIFT workstation
  • Experience with use case development using ArcSight ESM
  • Knowledge in containerization technologies (Docker, Kubernetes)
  • Capability to build and integrate SOC technology stack