SOC Security Analyst L2

Job Overview  

Remediate attacks intensified from SOC engineer. Their job is to collect data for more analysis, evaluate the attack, identify the root of the attack, implement required security actions to counter the attack, and restore system operations. They are also responsible for investigating and generating reports on information security issues. They perform penetration tests and review vulnerability assessments. Another key responsibility is to maintain security systems up to date and contribute to ongoing security approaches to secure the organization against further attacks.

Responsibilities

• Addresses real security incidents
• Evaluates incidents identified by SOC engineer.
• Uses threat intelligence such as updated rules and indicators of compromise (IOCs) to pinpoint affected systems and the extent of the attack
• Analyses running processes and configs on affected systems
• Carries out in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted
• Creates and implements a strategy for containment and recovery 
• Deals with critical incidents
• Carries out vulnerability assessments and penetration tests to assess the resilience of the organization and to isolate areas of weakness that need attention
• Review alerts, threat intelligence, and security data
• Identifies threats that have entered the network, and security gaps and vulnerabilities currently unknown.

Technical Skills

• Must have basic knowledge of security tools such as firewalls, intrusion detection and prevention technology, threat and vulnerability management tools, endpoint security, data loss prevention tools, filtering technologies, traffic inspection solutions, reporting technology and data analytics platforms. The SOC may also have access to enterprise forensic tools that support incident response investigations. Familiar with SQL, C, C++, C#, Java, or PHP programming languages
• Non-technical skills such as Critical thinking and problem-solving abilities and the capability to communicate and listen to the needs of organizational stakeholders.

Certifications

• Cisco Certified CyberOps Associate (optional)
• Certified SOC Analyst (CSA) (optional)
• CCNA
• CEH