Role Proficiency:
Serve as the first point of contact for cyber security incident escalations and investigations. Work with different teams to improve the service the SOC provides to clients around the globe.
Outcomes:
React to cyber security incident escalations from L1 or the customer within the defined SLA and with proper investigation
Analyze the L1 processes and create new relevant processes for the service
Analyze L1 requests for SIEM rule tuning and suggest relevant changes
Perform trend analysis on collected data (alerts and incidents) and on detection rule coverage
Provide training for L1 on new technologies and tools
Work with different teams (SIEM, L1, TAM, etc.) to provide the required service to customers
Perform reviews of alerts handled by L1
Measures of Outcomes:
Accurate daily review of all alerts handled by L1
Reply to escalations on time, within the defined SLA
Number of false-positive detections reduced
Percentage of threats that are blocked, detected, and reported
Outputs Expected:
Advanced incident investigations:
Investigate incidents escalated from the previous layer, including investigation in the customer's security tools
Review and improve work and processes in the L1 team:
Improve the SOC detection and monitoring service:
Skill Examples:
SIEM, IPS, WAF, etc.
Fast self-learning
Good analytic skills
Good soft skills (verbal and written)
Presentation skills (verbal)
Programming languages such as C, C#, Python, Perl, Java, PHP, and Ruby on Rails
Knowledge Examples:
Experience as a SOC analyst or in a parallel cyber security role
Good knowledge of the cyber security area: understanding attack methods and tools, understanding attack vectors, being familiar with defence methodology, and staying up to date on current cyber trends
Experience in defining incident guidelines
Additional Comments:
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter, and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively. CyberProof is part of the UST family. Some of the world's largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services. The Security Operations Group of CyberProof consists of a global team of highly talented people. With 200+ highly experienced, certified cyber security experts, researchers and analysts, the majority of our tier 3-4 expertise comes from Israeli Intelligence.
Key Roles & Responsibilities
• Resolve, escalate, report, and raise recommendations for resolving and remediating security incidents
• Handle the advanced monitoring of system logs, SIEM tools, and network traffic for unusual or suspicious activity
• Set up SIEM solutions and troubleshoot connectivity issues
• Investigate and resolve security violations by providing post-mortem analysis to illuminate issues and possible solutions
• Collate security incident and event data to produce monthly exception and management reports
• Report unresolved network security exposure, misuse of resources, or noncompliance situations using defined escalation processes
• Assist and train team members in the use of security tools, the preparation of security reports, and the resolution of security issues
• Develop and maintain documentation for security systems and procedures
• Recommend, schedule, and apply fixes, security patches, and any other measures required in the event of a security breach
Experience & Qualifications Required
• Minimum 3+ years of experience as an analyst working as part of a SOC team
• Experience with SIEM vendors such as Sentinel, QRadar, ArcSight, RSA, and LogRhythm
• Experience in incident response, and in writing procedures, runbooks, and playbooks
• Ability to work with the customer's IT and security teams