Mandatory Skills – All Roles
· LogRhythm Certification / Knowledge
· Customer Handling Skills
· SOC Process Knowledge
· Compliance & Governance Know-How
· Preferably CISA, CISSP, CISM, CEH or equivalent cyber security certifications
L1 SOC Analyst
The SOC Analyst is responsible for monitoring security incident alerts and, using knowledge of attack types and standard protocol behaviour, classifying incidents, commenting on them, and advising on mitigation or remedial actions.
Knowledge and skills in:
· SIEM platform implementation and operations
· Integration of the SIEM platform with data sources and other platforms via APIs
· Creation & modification of Runbooks and playbooks
· Creation of security monitoring policies on the SIEM platform
· Threat hunting and root-cause analysis of security events
· Provide threat and vulnerability analysis as well as security advisory services
· Monitor threat and vulnerability news services for any relevant information that may affect the installed infrastructure
· Participate in compliance/vulnerability assessment scanning, and develop mitigation and remediation plans from the assessment findings
· Analyze and respond to previously undisclosed software and hardware vulnerabilities.
· Investigate, document, and report on information security issues and emerging trends.
· Integrate and share information with fellow analysts and other teams.
· Assist the team with SOC enhancement activities, such as building a knowledge base of previously known internal and external threats.
L2-L3 SOC Analyst / Incident Responder
· Provide analytical feedback on client network traffic patterns.
· Provide analytical feedback related to malware and other network threats.
· Understand information security policies and best practices in client environments.
· Escalate proactive and reactive actions to the L3 engineer to ensure adherence to security policy.
· Review and understand collected metrics from monitoring systems and be aware of patterns and anomalies.
· Accept, manage and update service requests and incidents to ensure contracted SLAs are met.
· Provide technical support within the Security Information and Event Management (SIEM) team to assist in the investigation and remediation of security incidents.
· Coordinate incident remediation changes with other business units, vendors and customers, adhering to a predefined ITIL change management framework. This includes liaising with the Service Delivery teams and L3 engineers.
· Maintain detailed knowledge of the clients’ environment(s), where applicable, by maintaining and updating relevant documentation such as Network Diagrams, Configuration and Asset Databases along with process and procedural documentation.
· Facilitate effective and appropriate communication with all stakeholders to meet SLAs and expectations.
· Participate in Service Improvement Plans.
· Proactively invest time in self-education and in the training provided, to maintain a comprehensive and current understanding of our tools, processes and the people who support our customers.
SOC Team Lead
· Lead and manage the Security Operations Center
· Primarily responsible for security event monitoring, management and response
· Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
· Ensure SLA compliance, process adherence and process improvement to achieve operational objectives
· Revise and develop processes to strengthen the current Security Operations Framework; review policies and highlight the challenges in managing SLAs
· Responsible for team and vendor management, overall use of resources and initiation of corrective action where required for the Security Operations Center
· Management, administration and maintenance of the security devices under the purview of ITRC, which consist of state-of-the-art technologies
· Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
· Responsible for integration of standard and non-standard log sources into the SIEM
· Creation of reports, dashboards and metrics for SOC operations, and their presentation to senior management
· Coordinate with stakeholders and build and maintain positive working relationships with them
· Conduct governance meetings with customers