Role Proficiency:
Take the lead in monitoring and maintenance across a global customer base for the respective SIEM or EDR technology, taking ownership of issues through to and including resolution.
Outcomes:
• Monitor, investigate and provide meaningful resolution for tickets and issues across multiple customers for the specified SIEM or EDR type.
• Escalate observed issues to a team member where appropriate to ensure optimal performance of the platform supported.
• Contribute to the evolution of the wider team's capabilities to help deliver CyberProof's strategic vision for a global managed SIEM service.
• Build strong relationships with customers and key stakeholders to ensure customer requirements and needs are fulfilled.
• Take ownership of personal workload, acting as a role model for peers.
• Continuously seek to improve the service offered to global customers.
• Act as a Subject Matter Expert for the respective technology being worked on, both internally within CyberProof and for managed clients, providing input for key in-life services within CyberProof.
• Assist with service and change requests for platform types, such as access requests, as well as more targeted requests for specific modules on the platform, such as dashboard creation, query support and investigation of more complex issues.
• Proactively develop and maintain documentation and knowledge articles for wider members of the team relating to customers supported.
• Ensure in-life requests are being actioned in a timely manner for self and junior roles.
• Provide assistance and mentorship for global team members both within and outside the

Measures of Outcomes:
1. Percent of adherence to processes and methodologies
   a. Percent of adherence to SLAs for in-life ticketing processes
   b. Percent of adherence to workflows and completeness of audit trail for all activities undertaken
2. Productivity score maintained
   a. Number of issues with early identification in case of problems with delivering tasks or workload
   b. Number of issues with effective evidence provided for escalations during triage
3. Number of identified opportunities implemented to enhance change and process documentation, to ensure it remains relevant for the broader team
4. Number of relevant skill-related training and development activities undertaken, evidenced by certification

Outputs Expected:
Technical Expertise:
Show strong comprehension of and experience with the specific SIEM or EDR platform that the Specialist is working on. Take the lead on identifying issues with the specified platform type or its supporting infrastructure. Using technology, identify and implement technical solutions to issues with queries, rules, dashboards and data feeds.
Platform Management – Incidents and Requests:
with behavioural analysis/patterns identified
with suggestions and plans for achieving resolution. Provide leadership and support to junior members.
Stakeholder Focus:
Capable of providing support towards QBR preparation and delivery as required. Ensure relevant reporting metrics and customer information are provided in a timely manner. Engage with the customer, TAM and project team where required. Ensure customer-specific processes are being followed. Undertake mandatory and proactive learning and development opportunities.
Skill Examples:
• Excellent communication skills with both internal and external stakeholders.
• Prepared to undertake a background check/validation to ensure integrity.
• Ability to work unsupervised with the assigned SIEM or EDR technologies and their supporting infrastructure.
• Aptitude in identifying objectives and priorities for the broader team, and in identifying successes and failings.
• Capacity to work with multiple query languages, with a full end-to-end set of skills from onboarding and parsing a log source to exploiting it via analytics or rulesets.
• Sufficient experience and confidence in the target toolset to provide mentoring that upskills junior members.
• Strong analytical skills working across multiple technologies and customers, as well as sufficient competence to draft support documentation for internal or external use.

Knowledge Examples:
• Experience of working in Security Operations and/or EDR/SIEM Platform Management roles.
• An understanding of various security frameworks and security controls, with a focus on IT.
• Multiple years of experience working as part of an MSSP-style environment with different customer types.
• Detailed knowledge of the specific SIEM or EDR technology, as well as how the capability can be utilised to support operations.
• Experience and knowledge of how to utilise Big Data and data manipulation.
• Desirable: Certifications in IT infrastructure / SIEM / EDR / Ethical Hacking.
• Desirable: Academic qualifications and/or relevant work experience in lieu of qualifications.

Additional Comments:
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats – by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively. CyberProof is seeking a SOC L3 Engineer who will be part of our growing Global Operations & Delivery team, which monitors, investigates, and resolves security incidents, violations, and suspicious activities. Our global Operations group takes innovative approaches and uses the most cutting-edge technologies to transform the operations of our customers and secure their security landscape.

Main Responsibilities:
• Act as an escalation point for high and critical severity security incidents, and conduct thorough investigations to determine potential impact and understand the extent of compromise;
• Analyse attack patterns and Tools, Techniques and Procedures (TTPs) to identify methods of attack and the attack life cycle;
• Provide recommendations on issue resolution activities such as security control policy configuration changes and security hygiene improvements;
• Provide guidance on mitigating risks associated with security vulnerabilities;
• Hunt for Indicators of Compromise (IOCs) and signs of Advanced Persistent Threats (APTs) within the Client's environment;
• Conduct threat hunting by means of in-depth log analysis to identify potential threats that may have evaded automated detection;
• Conduct analysis to gather evidence, validate root cause and analyse the extent of compromise, leveraging the Client's security toolset;
• Identify gaps and weaknesses in existing security processes and propose enhancements to improve the Client's established incident response methodologies;
• Collaborate with cross-functional teams to ensure end-to-end management of the security incident lifecycle;
• Document and update incident response processes, define outcomes for future reference and drive continuous improvement; and
• Participate in regular team meetings, Incident Response war room discussions and executive briefing sessions.
• Minimum 3+ years of experience as a SOC L3 Analyst working as part of a Global SOC team.
• Resolve, escalate, report, and raise recommendations for resolving and remediating security incidents.
• Be an escalation point for investigations of clients and suggest optimization activities to improve their performance.
• Proactively monitor and review threats and suspicious events from customers participating in the service.
• Handle the advanced monitoring of system logs, SIEM tools, and network traffic for unusual or suspicious activity.
• Set up SIEM solutions and troubleshoot connectivity issues.
• Investigate and resolve security violations by providing post-mortem analysis to illuminate issues and possible solutions.
• Collate security incident and event data to produce monthly exception and management reports.
• Report unresolved network security exposure, misuse of resources, or noncompliance situations using defined escalation processes.
• Assist and train team members in the use of security tools, the preparation of security reports, and the resolution of security issues.
• Develop and maintain documentation for security systems and procedures.

Requirements:
• Maintain excellent customer satisfaction through professional, proactive and personal service.
• Experience with SIEM vendors such as QRadar, Sentinel and Splunk.
• Experience in incident response, and in writing procedures, runbooks and playbooks.
• Ability to work with the customer's IT and security teams.