SOC Tier1 Grade2 - Logarithm

Job Location: Giza - Egypt

Monthly Salary: Not Disclosed

Job Description

Candidates in this role will respond to events according to documented procedures and industry best practices. Ideal candidates should be experienced in networking and client/server technologies and in analyzing log files, with the ability to distinguish false positive from true positive events. Must have experience with Linux and/or Windows operating systems. Candidates must have strong multitasking capabilities and be able to evaluate threats, vulnerabilities and risk while under pressure. Candidates in this role may also be required to follow the incident response plan and assist Incident Response Analysts when necessary. Must display enthusiasm and interest in Information Security.


Standard Job Requirements

Part of the SOC team that runs 18x7 on a rotating shift schedule.

Performing 1st level triage of incoming alerts into issues or incidents (initial assessment of the event's priority, initial determination of whether it is an incident in order to establish risk and damage, or appropriate routing of security or privacy data requests).

Responsible for maintaining all Level 1 analyst documentation (e.g. incident tracking sheets, suspicious emails sheet).

Provide initial investigation of security incidents.

Review alerts escalated by end users.

Provide limited incident response to end users for low complexity security incidents.

Provide communication and escalation throughout the incident as per the Organization SOC Process.

Perform analysis of log files.

Create and analyze reports and dashboards.

Perform suspicious email analysis, including analysis of mail headers, body and content, or attachments.

Prepare audit evidence (e.g. internal audit, group audit, PCI audit, etc.).

Propose any enhancement or optimization on SOC tools.

Take an active part in the containment of incidents, even after they are escalated.

Collaborate on use case creation and tuning recommendations to the engineering team, based on findings during investigations or threat information reviews.

Escalate issues when necessary as per Organization OLA and procedures.

Complete assigned tasks with maximum performance as per the SLA defined in SOC processes.

Functional and Technical Competencies

  • Must have:

Basic College Degree or equivalent.

6 months to 1 year prior experience in a similar position.

LogRhythm SIEM experience.

Effective verbal and written communication skills.

Highly disciplined and motivated; able to work independently under direction or as a member of a team.

Possess good logical and analytical skills to help in analysis of security events/incidents.

Ability to make information security risk determinations.

Familiarity with system log information and what it means.

General Desktop OS and Server OS knowledge.

General knowledge of TCP/IP, Internet routing, UNIX/Linux and Windows NT.

Understanding of common network services (web, mail, DNS, authentication).

Experience with the QRadar SIEM.

  • Nice to have:

Knowledge of network security zones, firewalls and IDS.

Knowledge of log formats (syslog, HTTP logs, DB logs) and how to gather forensic evidence for traceability back to the originating event.

Knowledge of security assessment tools (Nmap, Nessus, Metasploit, Netcat, etc.).

Remote Work: No

Employment Type: Full Time
