Login for faster access to the best deals. Click here if you don't have an account.

Cyber Security Analyst L2

2 years ago   Security & Safety   Pune   310 views Reference: 20109
Job Details

The primary function of an L2 Analyst is to ensure that the SOC team is performing its functions as required and to trouble shoot problematic incidents and events. In summary, the L2 Analyst shall also act as the technical SME and shall report technically to the L3 Analyst.

Responsibilities

• Work collaboratively with Account Manager for Client relations
• Track incident detection and closure
• Execute risk hunting activities
• Undertake forensic investigations
• Act as subject matter expert and expert witness where required
• General intelligence advisories and delegate intelligence aggregation tasks to L2
• Generate new use cases for emerging threats
• Conduct incident response coordination with customer
• Validation of security incidents
• Conduct audits of logging and correlation
• Conduct monthly security use case review and correlation audits
• Use of sandbox, honeypot, analytics tools and security testing
• Escalation management
• Ensure process compliance
• Ensure quality of investigations and notification and direct L2 and L1 accordingly
• Report deviations to SOC manager and L3
• Ensure SLA compliance for projects within remit
• Perform deep analysis to security incidents to identify the full kill chain
• Set up weekly meeting to review the weekly reports with the client
• Respond to clients’ requests, concerns and suggestions
• Act as subject matter expert for different clients
• Provide knowledge to L1 and L2 such as guides, cheat sheets etc
• Follow up with the recommendations to the client to contain an incident or mitigate a threat
• Conduct presentations and updates to the client
• Respond to incident escalations and provide solid recommendations
• Update aging incidents and requests
• Track SOC performance in terms of SLAs and incident quality
• Review vulnerability assessment reports with the client and provide necessary recommendations
• Configure and maintain vulnerability scanners policies and reports
• Conduct threat hunting exercises on SIEM and EDR platforms
• Conduct penetration testing on web applications, mobile applications, servers (Windows/Linux) and wireless infrastructure
• Develop and improve processes for monitoring and incident qualification
• Perform quarterly evaluation for L1 and L2 analysts and report feedback to SI management
• Participate in professional services (internal and external penetration testing, wireless assessments, web and mobile application assessments, firewall and server security audits, social engineering exercises, security awareness programs etc.)
• Perform threat intelligence analysis and investigations. Search on the dark web and use other platforms such as RF to identify intelligence indicators or threats for a specific client
• Create reports for threat intelligence as a service.

Essential Skills

• Experience with Security Information Event Management (SIEM) tools, creating advanced co-relation rules, administration of SIEM, system hardening, and Vulnerability Assessments
• Should have expertise on TCP/IP network traffic and event log analysis
• Knowledge and hands-on experience with LogRhythm, QRadar, Arcsight, Mcafee epo, NetIQ Sentinel or any SIEM tool
• Knowledge of ITIL disciplines such as Incident, Problem and Change Management
• Configuration and Troubleshooting experience on Checkpoint, Cisco, Fortigate, PaloAlto and Sonicwall firewalls would be an added advantage
• Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products

Additional Desired Skills

• Strong verbal and written English communication
• Strong interpersonal and presentation skills
• Ability to work with minimal levels of supervision
• Willingness to work in a job that involves 24/7 operations

Education Requirements & Experience

• Bachelors in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent University degree
• Minimum of 4-6 years of experience in the IT security industry, preferably working in a SOC environment
• Certifications: GCIH, CCNA, CCSP, CEH

Interested candidates Click on below link Apply Online and you will be redirected to Career Page of Company or Career url.

Company Description
"SecurityHQ prides itself on its global reputation as an advanced Managed Security Service Provider, delivering superior engineering-led solutions to clients around the world. By combining dedicated security experts, cutting-edge technology and processes, clients receive an enterprise grade experience that ensures that all IT virtual assets, cloud, and traditional infrastructures, are protected."