Role Proficiency
Under the Manager's supervision, effectively lead a small unit / shift / sub-team / customer engagement within a large Shared Services team in the delivery of cyber security monitoring and triage activities for our global customers. This role is in the management stream and envisages growth in management rather than in the technology space.
Outcomes
- Under the supervision of the Manager, effectively lead a small SOC team (unit / shift / sub-team / small customer engagement).
- Under supervision of the manager, responsible for delivery of SOC services by the team per SLA.
- Responsible for the performance of activities by the team that have been defined by the manager from a contractual and regulatory perspective.
- Responsible for the quality of the team's deliverables.
- Under supervision of the manager, ensure a well-administered team / engagement.
- Under supervision of the manager, responsible for customer communication and stakeholder management.
- Ensure team adherence to Information Security policies as defined by the company and customer.
Measures Of Outcomes
- Team adherence to SLA as agreed with the customer.
- Innovation Case Studies and value delivered to customer / Cyberproof.
- Productivity (number of alerts and incidents addressed)
- Quality - percent of tickets that meet quality norms
- Adherence to process – nil non-conformances (NCs) during audits
- Evidence of skill development, including training, certification, etc.
Outputs Expected
Team Administration and Management:
- Under supervision of the manager, ensure that a balanced team is available to provide the defined services.
- Responsible for administrative aspects like the shift roster, attendance, on-call related allowances, etc.
Delivery Management
- Supervise the shift period / team such that cyber security alerts from the SIEM and multiple other sources are dealt with by the shift / team within SLAs.
- For the team / unit responsible, ensure delivery meets the required quality standards.
- Under supervision of the manager, define and implement new processes or changes to existing processes.
- Communicate and escalate per defined process.
Reporting
- Generation of required reports, management information and analytics.
Team Competence Management
- Mentor junior team members whenever possible
- Identify training needs of the team. Under supervision of manager define and implement Training plans.
Continuous Improvement
- Ensure activities like quality checks, reviews, etc. are performed so that the team performs to the required standards.
- Under supervision of the manager, set benchmarks for a high-performance organisation.
- Make sure that audits go smoothly; responsible for closure of audit findings and performance improvement plans.
- Ensure continuous improvement in the team in areas of delivery quality, operational efficiency, innovation, optimization, etc.
- Ensure continuous learning.
Skill Examples
- Proficiency in people and stakeholder management. Ability to manage and lead smaller / less complex teams. Ability to inspire.
- Ability to interface with customers and specialist teams on these topics.
- Proficient in operations / project management. Understanding of relevant frameworks in cyber security, SOC, IT Infrastructure, etc. Exposure to ISMS, Quality and BCP processes and frameworks.
- Excellent oral and written communication skills.
- Possess unimpeachable personal and professional integrity. Individuals will be required to submit to a background check.
Knowledge Examples
- 5+ Years overall experience in SOC / IT Infrastructure. A minimum of 2 years’ experience delivering SOC services to external customers (preferably in global organizations).
- University Degree in Cyber Security (no back papers) / Bachelor’s in Engineering or Science with training in cyber security
- Sound understanding of relevant SOC tools such as SIEM, EDR, Ticket Management, etc.
- Highly proficient in the Cybersecurity Incident Management process. Sound understanding of cyber security alerts and incidents. Intermediate understanding of enterprise IT Infrastructure, including Networks, Firewalls, OS, Databases, Web Applications, etc.
- Understanding of ISMS principles and guidelines. Relevant frameworks (e.g. ISO27001)
- Desirable – Training / Certification in relevant processes / frameworks related to operations / project / cyber security etc.
Additional Comments
SOC Analyst L2 is an operational role, focusing on ticket quality and deeper investigation of security incidents, and is responsible for handling incidents escalated from the Level 1 team within SLA.
Responsibilities:
- SOC Analyst L2 works closely with the SOC L1 team, L3 team and customer, is responsible for performing deeper analysis, interacts with the client in daily calls, and takes responsibility for handling True Positive incidents on time.
- When L1 escalates an incident to L2, conduct further analysis and, if needed, escalate to the customer / L3 team, or advise L1 team members until the incident is resolved.
- Perform deep analysis of security incidents to identify the full kill chain.
- Perform remediation steps according to the findings, or initiate steps for remediation.
- Prepare RCA for major incidents.
- Handle L2 and above level technical escalations from the L1 Operations team and resolve within SLA.
- Identify security gaps and recommend new rules / solutions to L3 / Customer.
- Suggest fine-tuning of existing rules where alert counts are high or wherever required.
- Create and manage the Incident handling playbook, process runbooks and ad-hoc documents whenever needed.
- Recommend fine-tuning for alerts, with logic and threshold, and possibly the query as well, for the SIEM.
- Recommend new use cases, with logic and threshold, and possibly the query as well, for the SIEM.
- Respond to clients’ requests, concerns, and suggestions
- Proactively support L1 team during an incident.
- Performs and reviews tasks as identified in a daily task list.
- Ready to work in 24x7 rotational shift model including night shift
- Incident detection, triage, analysis and response.
- Coordinating with customers for their security related problems and providing solutions.
- Share knowledge with other analysts on their role and responsibilities.
- Provide knowledge transfer to L1, such as advanced hunting techniques, guides, cheat sheets, etc.
- Provide on-call support on a rotational basis for off hours.
Knowledge / Experience:
- Minimum of 3 years of experience in Cyber security, SOC
- At least 2 years of working in the SOC
- Proficient in Incident Management and Response
- In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
- Up to date on cyber security alerts and incidents; intermediate understanding of enterprise IT Infrastructure, including Networks, Firewalls, OS, Databases, Web Applications, etc.
- Understanding of ISMS principles and guidelines; relevant frameworks (e.g. ISO27001)
- Desirable – Training / Certification in Ethical Hacking / SIEM tools, etc.
- Experience in working on multiple SIEM tools (Sentinel, QRadar, Splunk)
- Experience in working with multiple EDR tools (CrowdStrike, Carbon Black EDR, Cybereason, MS Defender for Endpoint, SentinelOne)
- Experience in handling Linux servers; familiar with the Linux OS and commands
Additional Desired Skills:
- Strong verbal and written English communication
- Strong interpersonal and presentation skills
- Ability to work with minimal levels of supervision
- Responsible for working in a 24x7 Security Operations Centre (SOC) environment.
Essential Skills:
- Knowledge and hands-on experience with Azure Sentinel, Microsoft 365 Defender, Microsoft Defender for Cloud Apps and Identity Protection.
Continuous Learning, Innovation and Optimization:
- Ensure completion of learning programs as suggested by Managers
- Suggest ideas that will help innovation and optimization of processes. Help develop the ideas into proposals.
- Provide suggestions to reduce manual work.
Teamwork:
- Assist L1 team members where possible
Desired Skills and Experience
Incident Analysis, Customer Management, Azure Sentinel, Linux