Responsibilities
Responsible for triaging cyber security incidents as a first-line member of the Security Operations Center incident response team.
· Continuously monitors the operating systems' alert queue; triages security alerts; monitors the health of operating system security sensors and endpoints; collects the data and context necessary to escalate to a Tier 2 Analyst.
· Continuously monitors the operating systems' alert queue using multiple tools, such as SIEM, EDR and custom-built system monitoring tools.
· Continuously monitors the health of operating system security sensors.
· Conducts initial triage of alerts to identify potential false positives, policy violations, intrusion attempts and compromises at the system level.
· Consolidates data from alert triage to provide the context necessary to escalate to a Tier 2 Analyst.
· Escalates to a Tier 2 Analyst with all necessary data for deeper analysis and review.
Should have good knowledge of the following systems and security tools:
· Knowledge of MS Windows and UNIX-based systems
· Knowledge of TCP/IP version 4 and version 6
· Security Information and Event Management (SIEM) systems, security orchestration tools and the playbook-based response concept, Endpoint Detection and Response (EDR) tools, anti-malware systems, Intrusion Detection and Prevention Systems, firewalls.
Required industry certificates:
· CompTIA CySA+ (Cybersecurity Analyst) certificate, in good standing
· Incident Response Fundamentals certificate, in good standing
Recommended industry certificates:
· Analyst or administrator certification for any industry-leading SIEM solution
· SANS, GIAC, ISACA or (ISC)² certificates or training