Job Purpose:
The SOC Analyst manages escalations, conducts threat hunting, and ensures compliance with security policies. With expertise in SIEM platforms and various protection layers, they monitor, analyze, and respond to incidents 24x7. The SOC Analyst proactively defends against zero-day attacks and collaborates effectively for successful outcomes.
Job Responsibilities:
- Administrative / Co-Ordination - Escalation Handling: Manage and coordinate escalations within the SOC, ensuring timely resolution and communication with relevant stakeholders.
- Administrative / Co-Ordination - Compliance Monitoring: Monitor compliance with information security policies and procedures, coordinating with internal teams to address any gaps or issues.
- Execution / Implementation - Threat Hunting: Conduct proactive threat hunting activities on collected events, utilizing SIEM platforms and other tools to identify potential security threats.
- Execution / Implementation - SIEM Administration: Hands-on management of SIEM platforms (e.g., ArcSight, QRadar), including configuration, optimization, and troubleshooting at a level 2 capacity.
- People Related - Mentoring and Coaching: Provide mentorship and coaching to junior team members, assisting in their professional development and skill enhancement within the SOC environment.
- People Related - Team Collaboration: Act as a team player, collaborating effectively with colleagues and cross-functional teams to address security incidents and achieve shared objectives.
- Strategic - Risk Management Frameworks: Apply understanding of risk management frameworks to assess and mitigate security risks effectively, contributing to the strategic direction of SOC operations.
- Strategic - Zero-Day Attack Response: Proactively respond to zero-day attacks, implementing strategic measures to defend against emerging threats and strengthen overall security posture.
Skills:
- FUNCTIONAL - Security Information Event Management (SIEM): Proficiency in creating, modifying, and updating SIEM configurations to effectively monitor and analyze security events.
- FUNCTIONAL - Threat Hunting: Ability to conduct proactive threat hunting activities to identify and mitigate potential security threats before they manifest.
- FUNCTIONAL - Vulnerability Assessment and Penetration Testing (VAPT): Experience in performing VAPT assessments to identify weaknesses in systems and networks and recommending remediation measures.
- FUNCTIONAL - Security Orchestration, Automation, and Response (SOAR): Knowledge of SOAR platforms to automate security operations and response processes, enhancing efficiency and effectiveness.
- FUNCTIONAL - Network and Infrastructure Security: Understanding of network and infrastructure security principles, including segmentation, firewalls, and intrusion detection systems.
- SOFT SKILLS / BEHAVIOURAL COMPETENCIES - Analytical Thinking: Strong analytical skills to assess security incidents, identify patterns, and derive actionable insights for proactive defense.
- SOFT SKILLS / BEHAVIOURAL COMPETENCIES - Client Handling: Ability to effectively handle client requests, understand their needs, and communicate solutions in a clear and concise manner.
- SOFT SKILLS / BEHAVIOURAL COMPETENCIES - Communication: Excellent communication skills, both verbal and written, to convey technical information to both technical and non-technical stakeholders effectively.
- SOFT SKILLS / BEHAVIOURAL COMPETENCIES - Problem-Solving: Proficiency in problem-solving to address security challenges, analyze malware, and develop effective countermeasures.
- SOFT SKILLS / BEHAVIOURAL COMPETENCIES - Team Collaboration: Capability to collaborate with cross-functional teams, sharing knowledge and insights to enhance overall security posture.
- TECHNICAL KNOW-HOW - EDR and XDR: Experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) solutions for endpoint security and threat detection.
- TECHNICAL KNOW-HOW - Authentication and Access Control: Understanding of authentication methods, access control mechanisms, and authorization processes to ensure secure access to resources.
- TECHNICAL KNOW-HOW - Programming/Scripting: Knowledge of programming languages or scripting (e.g., Python, PowerShell, etc.) for automation tasks and customization of security tools will be an added advantage.
- TECHNICAL KNOW-HOW - Malware Analysis: Hands-on experience in analyzing malware samples to understand their behavior, identify indicators of compromise (IOCs), and develop mitigation strategies.
- TECHNICAL KNOW-HOW - Security Record Maintenance: Ability to maintain accurate records of monitoring and incident response activities for compliance and audit purposes.