    SOC L3 Senior Specialist
    Security
    Experis

    Warszawa
    Type of work: Full-time
    Experience: Mid
    Employment Type: B2B
    Operating mode: Remote

    Tech stack

    • Information Security (regular)
    • EDR/XDR solutions (regular)
    • SIEM (regular)
    • Incident Response (regular)

    Job description

    Online interview

    The Security Operations Center (SOC) Level 3 (L3) specialist manages multiple security technologies and produces enhancements that allow SOC team members to work collaboratively and efficiently while responding to threats. The individual in this role will work as part of a cybersecurity operations team responsible for carrying out onsite security monitoring operations. This includes overseeing the entire incident response lifecycle, continuous improvement of existing processes, strategic thinking and leading day-to-day operations in cooperation with the client's SOC team.


    Tasks:


    • Manage and lead High or Critical severity incident resolution
    • Conduct complex investigations and provide advice to L2 Security Analysts
    • Provide operational support using SIEM solutions (e.g. Splunk, Sentinel), EDR (e.g. CrowdStrike, Defender, Carbon Black) and NSM (e.g. Fidelis, ExtraHop) for multiple customers
    • Perform SIEM support activities, including ad hoc reporting and basic troubleshooting
    • Provide near real-time analysis, investigation, reporting, remediation, coordination and tracking of security-related activities for the customer
    • Develop customized scripts or procedures to automate repetitive tasks and improve the efficiency of incident response activities
    • Perform incident coordination and communication with the client to ensure effective containment, eradication, and recovery
    • Provide expert advice on remediation and recovery efforts and develop threat remediation strategies
    • Perform proactive analysis of the attack surface and advise on potential threats and attack vectors
    • Provide feedback on security control capability gaps based on security intrusion trends; stay abreast of the latest cyber security trends and developments
    • Assist in developing, coordinating, and implementing SOC documentation
    • Provide input to SOC operation metrics and reports
    • Advise customers on best practices and use cases for the solution so that they achieve their end-state requirements


    Skills and attributes for success:


    • Able to perform IR triage and staff incident bridge calls
    • Formulate response and recovery steps for verified incidents
    • Perform triage and conduct thorough examinations of all types of digital media within client environment
    • Perform log analysis locally and via SIEM/log aggregation tool


    Requirements:


    • Ideal candidate will have 4-5+ years of security-related experience in areas such as Incident Response and Forensic Investigation
    • Preferably 3 years of Information Security (IS) experience
    • Analytical mindset and aptitude to learn quickly
    • Reliable
    • Knowledge of security incident and event management, log analysis, network traffic analysis, malware investigation/remediation, SIEM correlation logic and alert generation
    • Demonstrated ability to analyze, triage and remediate security incidents
    • Understanding of security principles, techniques, and technologies such as the SANS Top 20 Critical Security Controls and the OWASP Top 10
    • Knowledge of a SIEM solution such as Splunk, RSA Security Analytics, ArcSight, LogRhythm, QRadar, or similar
    • Knowledge of and experience using an EDR/XDR solution such as Cortex XSIAM, CrowdStrike, Carbon Black or similar
    • Strong command of verbal and written English, with the ability to clearly communicate complex messages to a variety of audiences
    • Demonstrated technical acumen and critical thinking abilities
    • Agile, flexible mindset


    Ideally, you’ll also have:


    • Ability to work under pressure
    • Related certification, for example CEH, CHFI, CompTIA A+, Sec+, ITILv3, GCFA, etc.
    • Desired working experience with security monitoring tools such as Splunk, QRadar, ArcSight, LogRhythm, Azure Defender, Sentinel, Fidelis, CarbonBlack, Demisto, Phantom, Symantec Endpoint
    • In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
    • Good analytical, problem solving and interpersonal skills
    • Degree in Computer Science, Information Security or related discipline


    Our offer:


    • Workplace: 100% remote
    • B2B via Experis
    • MultiSport Plus
    • Group insurance
    • Medicover
    • E-learning platform