Job Description

Overview

To triage and analyze alerts raised by cybersecurity detection tools deployed onsite or remotely, and to escalate those that require further investigation to the Senior SOC Analyst.

Ability to handle high-pressure and complex situations.

Ability to work on shift 24x7.

Responsibilities

  • Examine network topologies to understand data flows through the network.
  • Use SOC tools for continual monitoring and analysis of system activity to identify malicious activity.
  • Identify network mapping and operating system fingerprinting activities.
  • Continuously monitor the SIEM events/alerts to identify any anomalies.
  • Perform event correlation using information gathered from a variety of sources within the organization to gain situational awareness and determine the effectiveness of observed attacks.
  • Detect Incidents by monitoring the SIEM console, Rules, Reports, and Dashboards.
  • Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
  • Report the confirmed incident as per the Incident management process.
  • Notify the Senior SOC Analyst on suspected/anomaly events for further analysis.
  • Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Monitor the health of the SIEM tool and report any issues/incidents/malfunctions to the SOC SIEM administrator.
  • Assist Senior SOC Analyst and other security specialists in incident investigation and workflow.
  • Assist Senior SOC Analyst and internal team in incident detection and resolution.
  • Communicate and provide necessary information to external teams for timely incident resolution.
  • Knowledge of the incident handling process.
  • Knowledge in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Work on shift 24x7.
  • Collaborate and build relationships with internal parties to support SOC operations.
  • Self-motivated, curious, and knowledgeable about information security news and current events.
  • Ability to build relationships and interact effectively with internal parties.
  • Good analytical, technical, written, and verbal communication skills.
  • Comfortable with a high-tech work environment and constantly learning new tools and innovations.
  • Good working knowledge of Office tools.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of which system files (e.g., log files, registry files, and configuration files) contain relevant information and where to find those system files.
  • Knowledge of hacking methodologies in Windows or Unix/Linux environments, and of surveillance and penetration testing principles, tools, and techniques (e.g., Metasploit, NeoSploit).
  • Knowledge of programming language structures and logic.
  • Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies, and of web technology.
  • Knowledge of malware and malware analysis tools (e.g., OllyDbg, IDA Pro).
  • Knowledge of virtual machine-aware malware, debugger-aware malware, and packing.
  • Knowledge of types and collections of persistent data and of basic concepts and practices of processing digital forensic data.
  • Knowledge of forensic processes for seizing and preserving digital evidence (e.g., chain of custody).
  • Knowledge of Cyber Threat Intelligence, Endpoint Protection, Security Orchestration, and Automation technologies.

Qualifications

Any cybersecurity certification is a plus.

A Bachelor’s Degree in Computer Science or Information Technology (Any area).

Overall 3+ years’ experience working in a large-scale IT environment focusing on Information Security.

  • Minimum 3 years' experience in Information and Cyber Security.
  • Minimum 3 years' experience with SIEM technologies.


Job Details

  • Role Level: Not Applicable
  • Work Type: Full-Time
  • Country: United Arab Emirates
  • City: Abu Dhabi
  • Company Website: https://cpx.net/
  • Job Function: Cybersecurity
  • Company Industry/Sector: Other

About the Company

Searching, interviewing and hiring are all part of professional life. The TALENTMATE portal aims to help professionals with each of these by bringing the requisites together under one roof. Whether you're hunting for your next job opportunity or looking for potential employers, we're here to lend you a helping hand.

Disclaimer: talentmate.com is only a platform to bring jobseekers and employers together. Applicants are advised to independently verify the bona fides of the prospective employer. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank-related information. We also recommend you read our Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@talentmate.com.
