SOC Analyst - Tier 1
  • United Arab Emirates Dubai
  • DTS Solution
31.12.2023
Collect and Operate
Cyber Operations
Job Description

Role and Responsibilities

Work as a Cyber SOC Tier 1 Analyst in DTS Solution – HawkEye CSOC cyber command center.
The security analyst Tier 1 monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier 2 security analyst, and/or customer as appropriate to perform further investigation and resolution.
Reviews trouble tickets generated by the SIEM. Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
Reviews and collects asset data (configs, running processes, etc.) on systems for further investigation.
Will actively monitor security threats and risks, provide in-depth incident analysis, evaluate security incidents, and will provide proactive threat research.
Work closely with the Tier 2 Analyst to assess risk and provide recommendations for improving DTS Solution - HawkEye CSOC’s customer security posture.
Participate in security incident management and vulnerability management processes. Identify, perform, review or track security incident investigations to resolution and identify lessons learnt.
Identify, perform or review root cause analysis efforts following incident recovery to enhance operations.
Participate in evaluating, recommending, implementing, and troubleshooting security solutions, and in evaluating the IT security of new IT infrastructure systems.
Ensure that corporate data and technology platform components are safeguarded from known threats.
Develop, implement and test new SIEM use cases. Regularly identify and develop new use cases for automation and tuning of security tools.
Provide technical guidance to the customer’s technical teams during the configuration of new log sources.
Understanding and implementing the SOC processes and procedures.
Follow standard operating procedures for detecting, classifying, and reporting.
Triage events for criticality and escalate incidents according to predefined processes, under the supervision of Tier 2 and Tier 3 staff.
Communicate effectively with customers, team-mates, and management.
Provide input on tuning and optimization of security systems.
Follow ITIL practices regarding incident, problem and change management.
Document and maintain customer build documents, security procedures and processes.
Stay up to date with current vulnerabilities, attacks, and countermeasures.
Reviews the latest alerts to determine relevancy and urgency.
Creates new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review.
Manages and configures security monitoring tools (SIEM, syslog, NetFlow, FIM, Sysmon, etc.).

Qualifications

3+ years of network/security architecture or operations experience
Experience working on specific SOC/SIEM platforms
Excellent experience in Elastic (ELK), Splunk, Wazuh, LogRhythm
Experience in SOAR technologies – Demisto, Cybersponse, FortiSOAR, Swimlane
Excellent experience in MDR or EDR
Experience in using security tools – commercial and open source
Experience in defensive technologies – NGFW, AV, VPN, IPS, NETFLOW, DAM, WAF, Proxy, Web Filtering etc. Ability to inspect using PCAP files.
Knowledge with Threat Hunting and MITRE ATT&CK Methodology

Certifications

GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Enterprise Defender (GCED) issued by GIAC
GIAC Certified Incident Handler (GCIH) issued by GIAC
Certified Ethical Hacker (CEH) issued by EC-Council
CCNA, CCNP, MCSE

Send CV

If you meet the job requirements, please send your CV to
hr@dts-solution.com

Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0009   Knowledge of application vulnerabilities.
  • K0224   Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
  • K0468   Knowledge of internal and external partner reporting.
  • K0480   Knowledge of malware.
  • K0481   Knowledge of methods and techniques used to detect various exploitation activities.
  • K0486   Knowledge of network construction and topology.
  • K0516   Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
  • K0536   Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).
  • K0560   Knowledge of the basic structure, architecture, and design of modern communication networks.
  • K0565   Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
  • K0608   Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).

Required Skills
  • S0182   Skill in analyzing target communications internals and externals collected from wireless LANs.
  • S0183   Skill in analyzing terminal or environment collection data.
  • S0192   Skill in auditing firewalls, perimeters, routers, and intrusion detection systems.
  • S0252   Skill in processing collected data for follow-on analysis.
  • S0267   Skill in remote command line and Graphic User Interface (GUI) tool usage.
  • S0276   Skill in survey, collection, and analysis of wireless LAN metadata.
  • S0363   Skill to analyze and assess internal and external partner reporting.

Required Abilities
  • A0097  Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity.