As a SOC (Security Operations Centre) Analyst, the candidate will be delivering critical information to our customers about issues affecting their networks and infrastructure. This role sits between a level 1 and level 2 analyst profile, and offers room to learn and grow, including a large amount of learning about networks, infrastructure, applications, and security; the candidate will apply this knowledge, along with our unique monitoring technology and tools, to identify threat actors who have breached the network as well as any vulnerabilities that could be used in the future.
Once new vulnerabilities or attacks are detected, the candidate is expected to work with our customers to triage and help mitigate the issues.
On an average day, the candidate would respond to and investigate alerts generated by our technology deployments and work with our development team to improve the effectiveness of the multiple security software products we use.
They would then hunt around the network looking at any new protocols and interactions, applying their knowledge and expertise to determine potential threats or vulnerabilities. Often there is a need to do reverse engineering, packet analysis, statistical analysis and code-breaking. The output of this would drive further customer interactions and collaboration with our development team to automate detection algorithms. We would expect the candidate to be eager to get hands-on with our technology and push aggressively to develop their knowledge further.
The selected candidate will be joining a small but highly proficient team who have worked with us for over three years.
Any candidate must have the ability and desire to understand and learn new concepts on their own in addition to the training we will provide. We are committed to helping the selected candidate obtain professional certifications.
The Security Operations Consultant role reports to the SOC Manager.
Customer Service Communication
- Participates effectively in team and client meetings.
- Involved in regular status meetings with the project team.
- Effectively communicates relevant project information to internal and external stakeholders.
- Resolves and/or escalates issues in a timely fashion.
- Understands how to communicate difficult/sensitive information tactfully.
- Escalate validated and confirmed incidents to the designated incident response team.
- Notify the client of incidents and the required mitigation work.
- Fine-tune SIEM rules to reduce false positives and eliminate false negatives.
- Collect global threat intelligence and internal threat data, then initiate actions based on analysis and recommendations.
- Proactively research and monitor security information to identify potential threats that may impact the organisation.
- Develop and distribute information and alerts on required corrective actions to the organisation.
- Learn new attack patterns and actively participate in security forums.
- Work closely with Vulnerability Management and the designated incident response team.
- Understand the structure and meaning of logs from different log sources such as firewalls, IDS, Windows domain controllers, Cisco appliances, AV and anti-malware software, email security, etc.
- Perform threat intel research.
- Track and update incidents and requests based on the client's updates and analysis results.
A perfect candidate would have:
- knowledge of SIEM (Security Information and Event Management) tools
- knowledge of TCP/IP, firewalls, routing and switching
- a degree in computer science, engineering, mathematics or physics
- understanding and interest in low-level concepts including operating systems and computer networking
- an interest in security and knowledge of key concepts and protocols
- experience in penetration testing and security monitoring
- a desire and ability to learn new topics and new technologies
- hands-on experience using different operating systems and networking technologies
- familiarity with IDS/IPS, anti-virus and anti-malware tools
- critical thinking and problem-solving skills