SOC Analyst L2/RE is an operational role, focusing on ticket quality and security incident deeper investigation and will be responsible to handle the escalated incidents from Level 1 team within SLA.
Responsibilities
* SOC Analyst L2 would work closely with SOC L1 team, L3 team & customer and responsible for performing deeper analysis and need to interact with client in daily calls and need to take the responsibility of handling the True Positive incidents on time.
* Handle escalated incidents and coordinate with client when required.
* Work closely with Client Duty Officers on any ad-hoc operational requests.
* Collaborate with the Exabeam, Splunk, and Log Source teams to resolve issues as needed.
* Take appropriate action on IOCs received from client when required.
* Fine-tune and create new detection rules based on client requests.
o Create and manage the Incident handling playbook, process runbooks and ad-hoc documents whenever needed
o Recommend finetuning for client with logic and threshold, and possibly the query as well for the SIEM
o Recommend new use cases with logic and threshold, and possibly the query as well for the SIEM
* Provide data from Splunk/Exabeam during client audit activities.
* Share monthly data to client for internal IMM meetings.
* Share top user-reported malicious emails from Abnormal Security for reward and recognition programs.
* Prepare RCA report when required
* Share knowledge to other analysts in their role and responsibilities
* Provide knowledge transfer to L1 such as advance hunting techniques, guides, cheat sheets etc
Job Requirements
* Minimum 5 Years of experience in Security Operations
* Security event monitoring, alert triage, and thorough incident investigation.
* Research and understand log sources for effective security monitoring.
* Isolate issues, respond to incidents, and mitigate threats swiftly.
* Adjust SIEM rules for better alert and incident specifications.
* Optimize SIEM capabilities, aid in audit/logging, and generate timely reports.
* Develop and maintain security operation standards, procedures, and playbooks.
SOC, SIEM Platforms,Splunk, Exabeam, SOAR platform, Google SecOps, Log Source, Security Operations
#J-18808-Ljbffr