Role Proficiency:
Manage the onboarding of new customers. Develop and create new operation processes. Lead SOC service for various customers including deep investigation and cyber security subject expertise.
Outcomes:
Manage a complete cyber security incident and provide deep investigation Create and manage improvement process for customer services Working on improving customer detection by adding relevant detection rules Onboarding new customer to SOC service Develop and update operation methodology Be the point of contact for operational (technical) issues and platform/service improvement Guide SIEM experts Be the cyber security subject expertMeasures of Outcomes:
Successful incident management Successful onboarding of customers to services Successful implementation of improvement programsOutputs Expected:
Continuous improvement of the services:
Monitoring capability Investigation process Operation process Methodology Incident management Mitigation and automation actionSkill Examples:
Presentation skill (Verbal) and soft skill (hands on verbal and writing) Excellent analytics skill Ability to lead activity on cross culture/ geo location team to success in task Accountability Ability to think out of the box to find solution Project management skills Proficient in programming languages such as C C# Python Perl Java PHP and Ruby on Rails.Knowledge Examples:
Knowledge Examples
Experience in cyber security discipline Excellent knowledge of cyber security defence methods (tools topology best practices) Excellent knowledge on Mitre frameworks (or other common frameworks) Practical experience with developing and implementation processes Relevant certification in cyber security Advance knowledge with SIEM solution Experience with cloud (working secure monitoring)Additional Comments:
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively. CyberProof is seeking a SOC L3 Engineer who will be part of our growing Global Operations & Delivery team, which monitors, investigates, and resolves security incidents, violations, and suspicious activities. Our global Operations group takes innovative approaches and uses the most cutting-edge technologies to transform the operations of our customers and secure the security landscape. Main Responsibilities Act as an escalation point for high and critical severity security incidents, and conduct thorough investigations to determine potential impact and understand extend of compromise; Analyse attack patterns, Tools, Techniques and Procedures (TTPs) to identify methods of attacks and attack life cycle; Provide recommendations on issue resolution activities such as security controls policy configuration changes and security hygiene improvement; Provide guidance on mitigating risks associated with security vulnerabilities; Hunt for Indicators of Compromise (IOCs) and signs of Advanced Persistent Threats (APTs) within the Client’s environment; Conduct threat hunting by means of in-depth log analysis to identify potential threats that may have evaded automated detection; Conduct analysis to gather evidence, validate root cause and analyse extend of compromise leveraging Client’s security toolset; Identify gaps and weaknesses in existing security processes and propose enhancements to improve Client’s established incident response methodologies; Collaborate with cross-functional teams, to ensure end to end management of security incident lifecycle; Document and update incident response processes, define outcomes for future references and drive continuous improvement; and Participate in regular team meetings, Incident Response war room discussions and executive briefing sessions. Minimum 2+ years of experience as a SOC L3 Analyst working as part of a Global SOC team Resolve, escalate, report, and raise recommendations for resolving and remediating security incidents. Be an escalation point for investigations of clients and suggest optimization activities to improve their performance. Proactively monitor and review threats and suspicious events from customers participating in the service. Handle the advanced monitoring of system logs, SIEM tools, and network traffic for unusual or suspicious activity. Set up SIEM solutions and troubleshoot connectivity issues. Investigate and resolve security violations by providing post-mortem analysis to illuminate issues and possible solutions. Collate security incident and event data to produce monthly exception and management reports. Report unresolved network security exposure, misuse of resources, or noncompliance situations using defined escalation processes. Assist and train team members in the use of security tools, the preparation of security reports, and the resolution of security issues. Develop and maintain documentation for security systems and procedures. Experience in handling Linux servers, familiar with Linux OS and commands Requirements Maintain excellent customer satisfaction through professional, proactive and personal service. Experience with SIEM vendors such as QRadar, ArcSight, RSA, and LogRhythm Experience in incident response, and in writing procedures runbooks and playbooks Ability to work with customer’s IT and security teams