Job Description:
The primary function of an Analyst is to ensure that the SOC team is performing its functions as required and to troubleshoot problematic incidents and events.
Responsibilities:
• Work collaboratively with Account Manager for Client relations
• Track incident detection and closure
• Execute risk hunting activities
• Undertake forensic investigations
• Act as subject matter expert and expert witness where required
• Generate intelligence advisories and delegate intelligence aggregation tasks
• Suggest new use cases for emerging threats
• Conduct incident response coordination with customer
• Validation of security incidents
• Conduct audits of logging and correlation
• Use of sandbox, honeypot, analytics tools and security testing
• Ensure process compliance
• Ensure quality of investigations and notification and direct L1 accordingly
• Report deviations to SOC manager and L3
• Ensure SLA compliance for projects within remit
• Perform deep analysis of security incidents to identify the full kill chain
• Respond to clients’ requests, concerns and suggestions
• Provide knowledge to L1 such as guides, cheat sheets, etc.
• Follow up with the recommendations to the client to contain an incident or mitigate a threat
• Conduct presentations and updates to the client
• Respond to incident escalations and provide solid recommendations
• Update aging incidents and requests
• Track SOC performance in terms of SLAs and incident quality
• Review vulnerability assessment reports with the client and provide necessary recommendations
• Conduct threat hunting exercises on SIEM and EDR platforms
• Develop and improve processes for monitoring and incident qualification
• Perform quarterly evaluation for L1 analysts and report feedback to the management