SOC Analyst Tier 3 Leader
Job location: Giza, Egypt

Monthly salary: Not disclosed

Job Description:

Candidates in this role will be responsible for conducting incident response operations according to documented procedures and industry best practices. Candidates must have excellent communication skills and extensive experience across multiple security areas, such as SIEM, IDS, APT detection and WAF. Candidates will be required to participate in multiple threat-intelligence sharing communities and to disseminate pertinent information throughout the SOC. Ideal candidates should have extensive experience with Linux and/or Windows operating systems, a deep knowledge of networking, and familiarity with attack methods such as SQL injection (SQLi) and pivoting. Must display enthusiasm for and interest in information security.


Standard Job Requirements

Prepare monthly KRIs.

Organize the monitoring team's shift schedule.

Coordinate activities outside the organization with vendors and consultants.

Create daily, weekly, monthly, quarterly and annual SOC reports.

Manage communication with the InfoSec GRC team on detected incidents that breached SLA/OLA.

Manage communication with IT teams during incidents.

Complete assigned tasks with maximum performance, as per the SLAs defined in the SOC processes.

Act as first point of escalation for Level 1 analysts.

Hunt for suspicious or anomalous activity based on alerts or data outputs from various toolsets.

Review and build new operational processes and procedures.

Provide first-responder forensic analysis and investigation.

Drive the containment strategy during data loss or breach events.

Triage and resolve advanced attacks such as botnets and advanced persistent threats (APTs).

Work directly with data asset owners and business response plan owners during low- and medium-severity incidents.

Advise on the tuning of security solutions (IDS, proxy policy, inline malware tools) based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits affecting downstream systems.

Provide use-case creation and tuning recommendations to administrators based on findings from investigations or threat information reviews.

Lead response actions for incidents where the CIRT is not required to intervene (low/medium priority).

Functional and Technical Competencies

  • Must have:

1 year of prior experience in a similar position.

LogRhythm SIEM experience.

Ability to manage a SOC team.

Ability to create SOC reports, meet SLAs, calculate KPIs and manage the team shift schedule.

Passion and drive to work in a startup division with potential for significant growth in scope and services.

Good logical and analytical skills to support the analysis of security events and incidents.

In-depth knowledge of TCP/IP.

Knowledge of systems communications from OSI Layer 1 to 7.

Experience administering network and network security tools.

Knowledge of log formats and the ability to aggregate and parse log data (syslog, HTTP logs, DB logs) for investigation purposes.

Ability to create a containment strategy and execute it.

Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat, etc.).

Good knowledge of threat areas and common attack vectors (malware, phishing, APT, technology attacks, etc.).
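Several of the competencies above (parsing syslog and HTTP logs, aggregating them per source, and hunting for anomalous activity such as SQLi probes or brute-force logins) come together in the following Python example. It is added here for illustration and is not part of the posting, nor is it LogRhythm or employer tooling. The log lines are constructed, the SQLi indicator patterns are a deliberately small illustrative set rather than a complete rule set, and the three-failure threshold is an assumed hunting default; DB logs are not covered.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample input for this example (not real logs): BSD-style syslog from sshd
# and Apache/Nginx "combined" access-log lines. 203.0.113.7 brute-forces SSH and then
# probes the web application; the other two addresses are benign.
SAMPLE_SYSLOG = """\
Mar  4 10:12:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  4 10:12:03 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar  4 10:12:04 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  4 10:12:05 web01 sshd[2240]: Accepted publickey for deploy from 198.51.100.9 port 40100 ssh2
"""

SAMPLE_HTTP = """\
203.0.113.7 - - [04/Mar/2024:10:13:10 +0000] "GET /search?q=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "sqlmap/1.7"
203.0.113.7 - - [04/Mar/2024:10:13:11 +0000] "GET /search?q=1%27%20UNION%20SELECT%20null,version()-- HTTP/1.1" 500 0 "-" "sqlmap/1.7"
198.51.100.9 - - [04/Mar/2024:10:13:12 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.44 - - [04/Mar/2024:10:13:13 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# RFC 3164-style header: timestamp, host, process[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Combined log format; referer and user-agent are optional so "common" format parses too
HTTP_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)
AUTH_FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
# Illustrative SQLi indicators (an assumption, not a complete rule set), applied to the URL-decoded URI
SQLI_RE = re.compile(
    r"('\s*(or|and)\s+|union\s+select|--\s*$|/\*|;\s*(drop|delete|insert)\b|\bsleep\s*\()",
    re.IGNORECASE,
)


def parse_syslog(text):
    """Parse syslog lines into dicts; lines that do not match are kept as kind='unparsed'
    so that nothing is silently dropped during an investigation."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SYSLOG_RE.match(line)
        records.append({**m.groupdict(), "kind": "syslog"} if m else {"kind": "unparsed", "raw": line})
    return records


def parse_http(text):
    """Parse combined/common access-log lines the same way."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HTTP_RE.match(line)
        records.append({**m.groupdict(), "kind": "http"} if m else {"kind": "unparsed", "raw": line})
    return records


def build_profiles(syslog_records, http_records):
    """Aggregate both sources into one per-source-IP profile."""
    profiles = defaultdict(lambda: {"auth_failures": 0, "requests": 0, "sqli_requests": 0,
                                    "errors": 0, "user_agents": set()})
    for rec in syslog_records:
        if rec["kind"] != "syslog":
            continue
        m = AUTH_FAIL_RE.search(rec["msg"])
        if m:
            profiles[m.group("ip")]["auth_failures"] += 1
    for rec in http_records:
        if rec["kind"] != "http":
            continue
        p = profiles[rec["ip"]]
        p["requests"] += 1
        p["user_agents"].add(rec["ua"] or "-")
        if int(rec["status"]) >= 500:
            p["errors"] += 1
        # Decode percent-encoding first: the indicators are written against the plaintext payload
        if SQLI_RE.search(unquote(rec["uri"])):
            p["sqli_requests"] += 1
    return profiles


def hunt(syslog_text, http_text, fail_threshold=3):
    """Return a list of findings, one per suspicious source IP, with the reasons it was flagged."""
    profiles = build_profiles(parse_syslog(syslog_text), parse_http(http_text))
    findings = []
    for ip, p in sorted(profiles.items()):
        reasons = []
        if p["auth_failures"] >= fail_threshold:
            reasons.append(f"{p['auth_failures']} SSH auth failures")
        if p["sqli_requests"]:
            reasons.append(f"{p['sqli_requests']} requests with SQLi indicators")
        if any("sqlmap" in ua.lower() for ua in p["user_agents"]):
            reasons.append("scanner user-agent")
        # Cross-source correlation: the same address in both the SSH and web attack sets is a stronger signal
        if p["auth_failures"] and p["sqli_requests"]:
            reasons.append("correlated across syslog and HTTP logs")
        if reasons:
            findings.append({"ip": ip, "reasons": reasons, "profile": p})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_SYSLOG, SAMPLE_HTTP):
        print(f["ip"], "->", "; ".join(f["reasons"]))
```

The point of keeping unparsed lines rather than discarding them is that a format change or a log-forwarder fault otherwise looks identical to "no activity"; the per-IP profile is the natural unit for both the hunting step and for the use-case tuning recommendations the role hands back to SIEM administrators.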

Remote Work: No

Employment type: Full-time

Disclaimer: Dr.Job is only a platform that connects job seekers with employers. We advise applicants to conduct their own independent research into the credentials of a prospective employer. We take care that no financial payments are requested by our clients, and therefore advise against sharing any personal or bank account information with any third party. If you suspect any fraud or misconduct, please contact us by filling out the form on the Contact Us page.