· Investigate detected behaviours in depth when an incident is escalated by the SOC Level 1 analyst
· Add context to the incident to understand the behaviour, analysing data from multiple tools and data sources
· Maintain SIEM and HIPS security sensors and tools
· Monitor security sensors and review logs to identify intrusions
· Escalate security incidents using established policies and procedures
· Perform initial analysis of security events, network traffic and logs to engineer new detection methods, or to improve efficiency where possible
· Work directly with threat intelligence analysts to convert intelligence into useful detection
· Identify incident root cause and take proactive mitigation steps
· Provide analysis of security log data from a large number of heterogeneous security devices
· Review vulnerabilities and track resolution
· Review and process threat intel reports
· Lead and participate in the continuous improvement of the service (detection coverage, processes, operational procedures, service efficiency, service reporting)
· Implement detection use cases
· Liaise with customers on security intrusions and provide swift and accurate remediation
· Support the SOC manager with activity reporting
· Diploma/Degree in Information System/Information Security from a recognized institution.
· 2+ years of working experience in a security operations environment
· Basic, yet sound knowledge of network routing and switching fundamentals
· Basic, yet sound technical understanding of operating systems, network architecture and design
· Proven ability to plan and prioritize work, both their own and that of the project team
· Sound understanding of organizational issues and challenges. Able to work effectively with participants at all levels in an organization
· Ability to analyze problems, determine root causes, generate and evaluate alternatives, and implement solutions
· Possess excellent writing skills and the ability to communicate to teammates as well as technical and executive level staff
· Results Oriented
Preferred Skills /Qualities
· Professional information technology/security certifications such as ITIL, CCNA and CEH are preferred; related qualifications (e.g. GCIA, CISSP) will be an advantage
Other Special Working Conditions
· Able to perform 12-hour shift duties (2 days’ work with 2 off-days). Working hours: AM - 8:30am to 8:30pm; PM - 8:30pm to 8:30am. Shift patterns and duration may vary from time to time.