SOC Analyst - Tier 2
  • United Arab Emirates Dubai
  • DTS Solution
31.12.2023
Collect and Operate
Cyber Operations
Job Description

Role and Responsibilities

Work as a Cyber SOC Tier 2 Analyst in DTS Solution – HawkEye CSOC cyber command center
Review asset discovery and vulnerability assessment data.
Apply an advanced technical background in information technology and incident response handling to scrutinize cybersecurity events escalated by Tier 1 analysts, distinguish genuine incidents from benign activity, and provide corrective analysis.
Provide in-depth cybersecurity analysis, and trending/correlation of large data-sets such as logs, event data, and alerts from diverse network devices and applications within the customer to identify and troubleshoot specific cyber security incidents, and make sound technical recommendations that enable expeditious remediation.
Conduct deep analysis on production systems to validate resiliency and identify areas of weakness to fix.
Recommend how to optimize security-monitoring tools based on threat hunting discoveries.
Assist in identifying (hunting) and profiling threat actors and TTPs.
Provide recommendations to clients for containment and eradication of threats.
Supporting the detection, containment, and eradication of APT activities targeting customer networks.
Proactively search through log, network, and system data to find and identify undetected threats.
Conduct security tool/application tuning engagements with analysts and engineers to develop and adjust detection rules, analyze and develop the related response procedures, and reduce false positives from alerting.
Identify and ingest indicators of compromise (IOCs) (e.g., malicious IPs/URLs, etc.) into network security tools/applications to protect the customer network.
Quality-check technical advisories and assessments prior to release from the SOC.
Coordinate with and provide expert technical support to enterprise-wide technicians and staff to resolve confirmed incidents.
Report common and repeat problems, observed via trend analysis, to SOC management and propose process and technical improvements to improve the effectiveness and efficiency of alert notification and incident handling.
Develop advanced threat modelling techniques and build advanced SIEM use cases.
Perform in-depth security incident analysis and provide a detailed root cause.

Qualifications

5+ years of experience in network/security architecture or operations
Experience working on specific SOC/SIEM platforms
Excellent experience in Elastic (ELK), Splunk, Wazuh, LogRhythm
Experience in SOAR technologies – Demisto, Cybersponse, FortiSOAR, Swimlane
Excellent experience in MDR or EDR
Experience in using security tools – commercial and open source
Experience in defensive technologies – NGFW, AV, VPN, IPS, NetFlow, DAM, WAF, Proxy, Web Filtering etc. Ability to inspect traffic using PCAP files.
Understanding of scripting – Python and PowerShell
Ability to create signature rules such as Snort and YARA rules
Experience with Threat Hunting and MITRE ATT&CK Methodology

Certifications

GIAC Certified Intrusion Analyst (GCIA) issued by GIAC
GIAC Continuous Monitoring Certification (GMON) issued by GIAC
GIAC Certified Enterprise Defender (GCED) issued by GIAC
GIAC Certified Incident Handler (GCIH) issued by GIAC
Certified Ethical Hacker (CEH) issued by EC-Council

Send CV

If you meet the job requirements, please send your CV to
hr@dts-solution.com


Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0009   Knowledge of application vulnerabilities.
  • K0224   Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
  • K0468   Knowledge of internal and external partner reporting.
  • K0480   Knowledge of malware.
  • K0481   Knowledge of methods and techniques used to detect various exploitation activities.
  • K0486   Knowledge of network construction and topology.
  • K0516   Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
  • K0536   Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).
  • K0560   Knowledge of the basic structure, architecture, and design of modern communication networks.
  • K0565   Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
  • K0608   Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).

Required Skills
  • S0182   Skill in analyzing target communications internals and externals collected from wireless LANs.
  • S0183   Skill in analyzing terminal or environment collection data.
  • S0192   Skill in auditing firewalls, perimeters, routers, and intrusion detection systems.
  • S0252   Skill in processing collected data for follow-on analysis.
  • S0267   Skill in remote command line and Graphic User Interface (GUI) tool usage.
  • S0276   Skill in survey, collection, and analysis of wireless LAN metadata.
  • S0363   Skill to analyze and assess internal and external partner reporting.

Required Abilities
  • A0097  Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity.