Job responsibilities:
Responsible for triaging operating system related cyber security incidents as a member of the second line of the Security Operations Center incident responders' team.
Performs deep-dive incident analysis by correlating data from various sources; determines if a critical system or data set has been impacted; advises on remediation; provides support for new analytic methods for detecting threats.
· Proactively monitoring the operating systems alert queue using multiple tools, such as SIEM, EDR and custom-built system monitoring tools.
· Conducting triage of alerts to identify potential false positives, policy violations, intrusion attempts and compromises on the system level.
· Consolidating data from alert triage to provide the context necessary to escalate to a Tier 3 Analyst.
· Escalating to a Tier 3 Analyst with all necessary data for deeper analysis and review.
· Collecting evidence at the operating system level for incident analysis.
· Advising on remediation.
· Supporting operating system related security controls management.
· Supporting operating system related threat detection analytics.
Should have good knowledge of security tools and skills as follows:
· Knowledge about MS Windows and UNIX based systems
· Knowledge of TCP/IP version 4 and version 6
· Manual testing skills
· Automation testing skills
· Technical writing skills
· Problem solving skills and attention to detail
· Malware analysis sandboxing solution, Security Event and Incident Monitoring System (SIEM), Orchestration tool and playbook response concept, Endpoint Detection and Response tool (EDR), Anti-malware systems, Intrusion Detection and Prevention Systems, Firewalls.
Required industry certificates:
· ECC CEH – Certified Ethical Hacker - in good standing
· some of SANS, GIAC, ISACA, (ISC)2 certificates or trainings - in good standing
Recommended industry certificates:
· SANS, GIAC, ISACA, (ISC)2