Security Operations Analyst - L2

Recruiter: ABC Worldwide
Job Ref: CPT001341/CB
Date posted: Wednesday, November 10, 2021
Location: Johannesburg, South Africa

SUMMARY:
The company’s security operations analyst teams monitor and fight threats to our customers’ IT infrastructure, and identify security weaknesses and opportunities for improvement.
 
Your primary role as L2 Analyst is to serve as incident responder, remediating the more serious attacks escalated from L1.
 
Description
 
RESPONSIBILITIES OF A SECURITY OPERATIONS ANALYST – L2
 
You will use an evolving set of information security tools, such as QRadar (SIEM), Fortigate EMS, FortiAnalyzer, FortiEDR, antivirus, IDSs, etc., to monitor and assess the scope of an attack and identify the affected systems within our customers’ technology environment (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). You will hunt for all malicious activities, security threats and anomalies related to each incident, execute the necessary remediation actions, collect logs for later analysis and report on the actions taken.
 
You will also need to be able to install, configure and optimise the security tools, investigate the suspicious activities they detect, support audit and compliance initiatives, and participate in developing security strategies.
You will help to protect our customers by employing a range of technologies and processes to prevent, detect and manage cyber security threats. This includes protection of computers, data, networks, applications and business operations. You will use your technical knowledge of systems, competencies and automated mechanisms to detect unauthorized activity on our customers’ information assets.
You are responsible for providing the L1 analysts with ongoing training, situational awareness, documented procedures, etc., to ensure they are able to accurately and consistently classify and escalate, from the many thousands of daily alerts they need to wade through (generated by firewalls, IDS/IPS, SIEM and endpoint protection tools), all alerts tied to actual attacks – as opposed to mistakenly dismissing them, which could have disastrous consequences.
 
You will need to assess suspicious emails, network logs, and any other resources that provide insight into a customer’s network, server and application activity. You will be expected to be able to read, understand, and report on information security trends. It's critical that you have solid knowledge in areas like networking, malware analysis and incident response.
 
Your assessments will be performed using various validation tools, an understanding and application of computer security topics and malware infections, and identification of new techniques in making quick decisions with a high rate of accuracy.
 
You will work with several of your peers when responding to security incidents escalated to the L2 Analyst team from the L1 team. For the exceptionally complex cases, you will be able to pull in support from the L3 Analyst team.
 
You will also work with and support our Systems Engineering team, who are responsible for building and maintaining the systems that the L1, L2 and L3 Security Operations Analysts use.

POSITION INFO:

Key Roles and Responsibilities:
·        Manage the prevention and resolution of security breaches and ensure incident and problem management processes are initiated.
·        Perform access management activities according to the policy.
·        Implement and discuss security service audit schedules, review access authorisation and perform the required access controls and testing to identify security weaknesses.
·        Interact with a team of Information Security Analysts and Specialists.
·        2nd level triaging of security alerts, events, and notifications.
·        Notification of internal and/or external teams according to agreed alert priority levels, and escalation trees.
·        Communicate status of response, resolution and final root cause analysis to the appropriate stakeholders.
·        Follow and update established and/or ad-hoc processes and work instructions, and create procedures where deficiencies are identified.
·        Logging, managing and coordinating service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults.
·        Maintain an understanding of current and emerging threats, vulnerabilities, and trends.
·        Incident response and monitoring:
·        Perform a variety of real-time threat analysis activities. This includes applying analytical, reasoning and specialised technical security expertise to investigate and isolate network and security incidents, identify threats, vulnerabilities and risks, and apply incident management techniques to resolve challenges. The role involves security incident handling and response across a number of vectors including End Point Protection and Enterprise Detection & Response tools, attack analysis, malware analysis, network forensics and computer forensics, and requires a broad range of skills in LAN technologies, Windows and Linux operating systems, and general security infrastructure.
·        Act as the technical second responder for the Computer Security Incident Response Team (CSIRT), supporting the work of technical staff from various departments, as well as the work of third-party technical experts. Regularly review the current configurations of customers’ production information systems and networks against compliance standards. Review and fine-tune custom software which analyses the vast amount of log, audit trail, and other recorded activity information that modern systems record, so as to be able to immediately detect unauthorised activity, most importantly intrusion by unauthorised parties and the execution of unauthorised software.
·        Fine-tune the existing security monitoring systems so that false positives and false negatives are minimised, and so that accurate and useful information is passed to management and the CIRT.
·        Work with Computer Performance Analysts, Computer Operators, and other technical specialists who monitor information system activities, so as to make the best use of the information recorded on the systems they monitor for information security purposes.
·        Perform post-mortem analysis of logs, network traffic flows, and other recorded information to identify intrusions by unauthorised parties, as well as unauthorised activities of authorised users, which could be in support of an insurance claim, a disciplinary action, or a lawsuit.
·        Manage security breaches: Manage the prevention and resolution of security breaches and ensure that the required incident and problem management processes are initiated to ensure compliance to ISM policy. Present your findings to the business and advise on new measures required to prevent reoccurrence of similar breaches.
·        Incident Management: Prioritise and diagnose incidents according to agreed procedures. Investigate causes of incidents and seek resolution. Escalate unresolved incidents. Provide service recovery, following resolution of incidents. Document and close resolved incidents according to agreed procedures.
·        Configuration Management: Maintain secure, accurate, complete and current configuration on Configuration Items (CIs). Apply tools, techniques and processes to track, log and correct information related to CIs, ensuring protection of assets and components from unauthorised change, diversion and inappropriate use.
·        Problem Management: Investigate and identify root cause of incidents. Assist with the implementation of agreed remedies and preventative measures.
·        Access management: Ensure that access is logged and tracked and that access is removed and/or restricted as per policy.
·        Service reviews: Ensure that security service audit schedules are performed. Review access authorisation for compliance with policy, administration security controls for effectiveness, security on the operational systems and verify that security monitoring is working.
·        Service improvement: Ensure that continuous service improvements are documented in service designs and that the required security remediation plan is developed and reviewed.
 
The Security Operations Analyst Level 2 is expected to adhere to numerous Key Performance Indicators to ensure decisions are made balancing factors such as risk tolerance and customer experience:
·        Investigation and qualification of SOC Analyst L2 incidents
·        Proposition of specific recommendations
·        Incident analysis for alarm correlation rules design and improvements / implementation
·        Security crisis information gathering
·        Check of applied recommendation for L1/L2 incidents
·        Contextual investigation of alarms
·        Client incident notification and required mitigation
·        SIEM rules fine-tuning and knowledge base update
·        Proactive Threat Hunting using IOCs and Threat Intelligence
·        Co-operation with SOC Analysts L1 and L3 for rapid alarm response
·        Active participation in security forums
·        Deal with alarms escalated from SOC Analysts L1
·        Update knowledge base regularly and immediately if required
·        Trigger SOC Analysts L3 escalation if needed
·        Act on security-critical tickets within the Tier 2 incident process
·        Apply business knowledge, awareness of known attacker techniques, and use of various validation tools to provide alarm determinations
·        Validate weekly, monthly, quarterly, half-yearly and yearly reports
·        Examine and monitor for attacks, intrusions and unusual, unauthorized or illegal activity
·        Use advanced analytic tools to determine emerging threat patterns and vulnerabilities
·        Investigate and solve security breaches and other cyber security incidents and provide incident response.
·        Liaise with L3 and key stakeholders in relation to cyber security issues and provide future recommendations
·        Install security measures and operate software to protect systems and information infrastructure, including but not limited to firewalls and data encryption.
·        Report security breaches and assess the damage they cause within the RCA process.
·        Support and back up SOC Analyst L3 on major incidents, carrying out the tasks assigned and identified by SOC Analysts L3.
·        Work with security teams to perform tests and uncover network and application vulnerabilities.
·        Fix and adjust detected vulnerabilities to maintain a high-security standard.
·        Stay current on IT security trends, intelligence and news.
·        Research security enhancements and make recommendations to management.
 
SKILLS, COMPETENCIES & ATTRIBUTES
·        At least 4 years’ experience in the information security industry
·        Min 2 years of SOC Level 1 and min 1 year of SOC Level 2 experience
·        Must have around 3-5 years of experience working in an environment compliant with the requirements of the ISO 27001 information security management system and the ISO 9001 quality management system.
·        Preferably has experience in business continuity management systems (ISO 22301) and IT service management systems (ISO 20000/ITIL).
·        Candidate must have strong technical knowledge of all the above standards.
·        End Point Protection Software
·        Enterprise Detection & Response software
·        Experience or knowledge of SIEM and IPS technologies
·        Experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviours
·        Sound knowledge of technological advances within the information security arena
·        Demonstrated understanding of complex inter-relationships in an overall system or process
·        Sound knowledge of information security management and policies
·        Candidate must have good project, customer and team management experience along with good communication and presentation skills.
What will make you a good fit for the role?
·        Seasoned and experienced professional.
·        Has full understanding of specialization area.
·        Resolves wide range of issues in creative ways.
·        Fully qualified, career level, career journey-orientated.
·        Uses good judgement in selecting tools and methods to solve problems.
·        Networks with senior internal and external people in own area of expertise.
·        Receives little instruction on day-to-day work, receives general instructions on new assignments.
 
QUALIFICATIONS & EXPERIENCE
·        B.Sc or B.Tech in IT/Computer Science (optional but preferred)
·        Relevant degree or diploma
·        Security+ is required.
·        CySA+ or equivalent is required.
·        CEH is a plus.
·        GSEC is a plus.
·        SSCP is a plus.
·        Certified Intrusion Analyst is a plus.
·        Certified Incident Handler is a plus.
 
Should you wish to apply for this position, please upload your CV and motivation.