Role and Responsibilities
Work as a Cyber SOC Tier 1 Analyst in DTS Solution – HawkEye CSOC cyber command center.
The security analyst Tier 1 monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier 2 security analyst, and/or customer as appropriate to perform further investigation and resolution.
Reviews trouble tickets generated by SIEM Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.
Reviews and collects asset data (configs, running processes, etc.) on systems for further investigation.
Will actively monitor security threats and risks, provide in-depth incident analysis, evaluate security incidents, and will provide proactive threat research.
Work closely with the Tier 2 Analyst to assess risk and provide recommendations for improving DTS Solution - HawkEye CSOC’s customer security posture.
Participate in security incident management and vulnerability management processes. Identify, perform, review or track security incident investigations to resolution and identify lessons learnt.
Identify, perform or review root cause analysis efforts following incident recovery to enhance operations.
Participate in evaluating, recommending, implementing, and troubleshooting security. solutions and evaluating IT security of the new IT Infrastructure systems.
Ensure that corporate data and technology platform components are safeguarded from known threats.
Develop, implement and test new SIEM use cases. Regularly identify and develop new use cases for automation and tuning of security tools
Provide technical guidance to the customer’s technical teams during the configuration of new log sources.
Understanding and implementing the SOC processes and procedures.
Follow standard operating procedures for detecting, classifying, and reporting.
Triage events for criticality and escalate according to predefined processes incidents under the supervision of Tier 2 and Tier 3 staff.
Communicate effectively with customers, team-mates, and management.
Provide input on tuning and optimization of security systems.
Follow ITIL practices regarding incident, problem and change management.
Document and maintain customer build documents, security procedures and processes.
Stay up to date with current vulnerabilities, attacks, and countermeasures.
Reviews the latest alerts to determine relevancy and urgency.
Creates new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review.
Manages and configures security monitoring tools (SIEM, SYSLOG, NETFLOW, FIM, SYSMON etc.)
Qualifications
3+ years of experience of network/security architecture or operations experience
Experience working on specific SOC/SIEM platforms
Excellent experience in Elastic (ELK), Splunk, Wazuh, LogRhythm
Experience in SOAR technologies – Demisto, Cybersponse, FortiSOAR, Swimlane
Excellent experience in MDR or EDR
Experience in using security tools – commercial and open source
Experience in defensive technologies – NGFW, AV, VPN, IPS, NETFLOW, DAM, WAF, Proxy, Web Filtering etc. Ability to inspect using PCAP files.
Knowledge with Threat Hunting and MITRE ATT&CK Methodology
Certifications
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Enterprise Defender (GCED) issued by GIAC
GIAC Certified Incident Handler (GCIH) issued by GIAC
Certified Ethical Hacker (CEH) issued by EC-Council
CCNA, CCNP, MCSE
Send CV
If you meet the job requirements, please send your CV to
hr@dts-solution.com